Re: [Kea-users] ddns for a zone in multiple views

2025-11-25 Thread Ben Sparks (bzsparks.com) via Kea-users 
Hi Peter,

Thank you, your suggestion pointed me in the correct direction. I'm now using 
the "in-view" zone option to share zones between views. Kea is now sending ddns 
updates to the primary view which are visible to all other views now. This also 
simplified the bind9 configuration.

Thanks again,

Ben

On Tuesday, November 25th, 2025 at 11:26 AM, Peter Davies  
wrote:

> Hi Ben,
> In a kea-dhcp-ddns configuration file, each “dns-domain” definition can 
> include
> a single "key-name" statement, which refers to a previously defined TSig key.
>
> Since kea-dhcp-ddns does not permit duplicate dns-domain definitions, 
> assigning
> multiple keys to the same domain is not possible.
>
> One option to overcome this is to load the same zone in all views on your DNS
> server. This could address the key limitation of the assignment.
>
> If multiple forward zones were updated at each lease renewal, implementing
> conflict resolution would be rather complex.
>
> Kind Regards Peter
>
> On 24/11/2025 16.30, Ben Sparks (bzsparks.com) via Kea-users wrote:
>
>> Hello,
>>
>> I have a question about kea ddns sending to bind9 with multiple views for 
>> the same zone. We separate different networks by view for control of 
>> response policy zones but I would like all users to be able to perform 
>> forward and reserve resolutions for devices.
>>
>> Is something like this possible?
>>
>> #bind9 views
>> view 1
>> tsig1-key
>> zone iot.example.com
>>
>> view 2
>> tsig2-key
>> zone iot.example.com
>>
>> view 3
>> tsig3-key
>> zone iot.example.com
>>
>> #kea ddns
>> "ddns-domains": [
>> {
>> "name": "iot.example.com.",
>> "key-names": [
>> "tsig1-key",
>> "tsig2-key",
>> "tsig3-key"
>> ],
>> "dns-servers": [
>> { "ip-address": "10.1.1.1" }
>> ]
>> }
>> ]
>>
>> "ddns-domains": [
>> {
>> "name": "1.2.10.in-addr.arpa.",
>> "key-names": [
>> "tsig1-key",
>> "tsig2-key",
>> "tsig3-key"
>> ],
>> "dns-servers": [
>> { "ip-address": "10.1.1.1" }
>> ]
>> } ]
>>
>> Thank you,
>>
>> Ben
>
> --
> Peter Davies
> Support Engineer
> Internet Systems Corporation-- 
ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.

To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
[email protected]

Re: [Kea-users] ddns for a zone in multiple views

2025-11-25 Thread Peter Davies 

Hi Ben,
   In a kea-dhcp-ddns configuration file, each “dns-domain” definition 
can include
a single "key-name" statement, which refers to a previously defined TSig 
key.


Since kea-dhcp-ddns does not permit duplicate dns-domain definitions, 
assigning

multiple keys to the same domain is not possible.

One option to overcome this is to load the same zone in all views on 
your DNS

server. This could address the key limitation of the assignment.


If multiple forward zones were updated at each lease renewal, implementing
conflict resolution would be rather complex.

Kind Regards Peter

On 24/11/2025 16.30, Ben Sparks (bzsparks.com) via Kea-users wrote:

Hello,

I have a question about kea ddns sending to bind9 with multiple views 
for the same zone.  We separate different networks by view for control 
of response policy zones but I would like all users to be able to 
perform forward and reserve resolutions for devices.


Is something like this possible?

#bind9 views
view 1
tsig1-key
zone iot.example.com 

view 2
tsig2-key
zone iot.example.com 

view 3
tsig3-key
zone iot.example.com 

#kea ddns
"ddns-domains": [
    {
        "name": "iot.example.com .",
        "key-names": [
            "tsig1-key",
            "tsig2-key",
            "tsig3-key"
        ],
        "dns-servers": [
            { "ip-address": "10.1.1.1" }
        ]
    }
]

"ddns-domains": [
    {
        "name": "1.2.10.in-addr.arpa.",
        "key-names": [
            "tsig1-key",
            "tsig2-key",
            "tsig3-key"
        ],
        "dns-servers": [
            { "ip-address": "10.1.1.1" }
        ]
    }
]

Thank you,

Ben


--
Peter Davies
Support Engineer
Internet Systems Corporation
-- 
ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.

To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
[email protected]