Hi, On Tue, Apr 29, 2025 at 3:24 AM Christoph Markert <magg...@gmail.com> wrote: > > Hi Darren, > > thank you for your swift response. > Here is an update after further investigation: > A) My reverse zone file for IPv6 had an issue in BIND - it wasn't defined > correctly (there was an issue when I typed in the reverse address). I > corrected that. I tested it with only requesting a v6 address and > consequently the zone files have been updating correctly in BIND. > B) My DHCP client (in this test case a Windows 11 machine) sends different > DHCIDs for v4 and v6 - this seems to be Windows 11 default based on my > research. However, according to RFC4701 and RFC4361 the DHCIDs used in v4 > and v6 DHCP requests (to KEA) need to > be identical so that KEA-DDNS can perform a match between the requests. See > also 'https://lists.isc.org/pipermail/kea-users/2023-June/004068.html'. You > can see an excerpt from my DDNS log at the end of my response. In there you > can see the DHCIDs are different for v4 and v6 incl. the corresponding error > messages (see RCODE '8', which apparently indicates this issue - based on my > current understanding).
Most likely, Kea is creating your DHCID records (unless your clients are updating DNS directly). See here: https://kea.readthedocs.io/en/kea-2.6.2/arm/ddns.html#conflict-resolution > > Question 1: since it is very difficult to control each client how they create > their DHCID for v4 and v6, is there any setting in KEA (or BIND) to make a > matching work between v4 and v6 even though the DHCID may be different. I > played around with match-client-ID in KEA v4, but currently I am unsure > whether this solves this issue. For dual stack environments, see here: https://kea.readthedocs.io/en/kea-2.6.2/arm/ddns.html#dual-stack-environments but realistically, about all you could try would be to disable conflict resolution with DHCID records unless you have clients that do support RFC 4361 This recent Gitlab issue from another user describes the problem I think you are encountering: https://gitlab.isc.org/isc-projects/kea/-/issues/3780 > Question 2 - for proper testing: to fully remove a v4 or v6 lease from KEA, > is it sufficient to just delete it from the csv-files or is there anything > else to do as it seems I get strange behaviours when just removing a lease > from the csv-file(s) (since there are 2 files for v4 and 2 files for v6)? How > can I flush all or specific v4 / v6 leases properly? I do have a combination > of dynamic IP pools and reserved/static IPs in my KEA v4/v6 configuration. If you simply delete the lease file, then you'll have orphaned DNS records hanging around. For testing, I recommend a short lease (perhaps 5 minutes) so that you can just wait for the lease to expire and things to happen naturally. Thank you, Darren Ankney -- ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users. Kea-users mailing list Kea-users@lists.isc.org https://lists.isc.org/mailman/listinfo/kea-users
