Hi Ben,
In a kea-dhcp-ddns configuration file, each “dns-domain” definition
can include
a single "key-name" statement, which refers to a previously defined TSig
key.
Since kea-dhcp-ddns does not permit duplicate dns-domain definitions,
assigning
multiple keys to the same domain is not possible.
One option to overcome this is to load the same zone in all views on
your DNS
server. This could address the key limitation of the assignment.
If multiple forward zones were updated at each lease renewal, implementing
conflict resolution would be rather complex.
Kind Regards Peter
On 24/11/2025 16.30, Ben Sparks (bzsparks.com) via Kea-users wrote:
Hello,
I have a question about kea ddns sending to bind9 with multiple views
for the same zone. We separate different networks by view for control
of response policy zones but I would like all users to be able to
perform forward and reserve resolutions for devices.
Is something like this possible?
#bind9 views
view 1
tsig1-key
zone iot.example.com <http://iot.example.com>
view 2
tsig2-key
zone iot.example.com <http://iot.example.com>
view 3
tsig3-key
zone iot.example.com <http://iot.example.com>
#kea ddns
"ddns-domains": [
{
"name": "iot.example.com <http://iot.example.com>.",
"key-names": [
"tsig1-key",
"tsig2-key",
"tsig3-key"
],
"dns-servers": [
{ "ip-address": "10.1.1.1" }
]
}
]
"ddns-domains": [
{
"name": "1.2.10.in-addr.arpa.",
"key-names": [
"tsig1-key",
"tsig2-key",
"tsig3-key"
],
"dns-servers": [
{ "ip-address": "10.1.1.1" }
]
}
]
Thank you,
Ben
--
Peter Davies
Support Engineer
Internet Systems Corporation
--
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
[email protected]
