Installation of ISC Kea DHCP Server
First, fix detection of Python-3.12 by the build system:
sed -e 's/:3/:4/' \
    -i configure
Remove one installation step that uses an obsolete python module:
sed -e '/dlist="/d' \
    -i src/bin/shell/Makefile.in
Install ISC Kea DHCP Server by running the following commands:
./configure --prefix=/usr \
            --sysconfdir=/etc \
            --localstatedir=/var \
            --enable-shell \
            --with-openssl \
            --disable-static \
            --docdir=/usr/share/doc/kea-2.4.1 &&
make
To test the results, you must have installed GoogleTest and kept its source. You should also have passed --with-gtest-source=/path/to/googletest/sourcedir to configure above.
Run the tests with make check. Three tests in the TLSTest suite are known to fail.
To install the ISC Kea DHCP Server suite, issue the following commands as the root user:
make -j1 install
Command Explanations
--enable-shell: Allows building kea-shell, a command line interface for the control agent.
--with-openssl: Allows using OpenSSL for communicating with the control-agent and for DNS updates.
--disable-static: This switch prevents installation of static versions of the libraries.
--with-pgsql or --with-mysql: ISC Kea can store the leases in a database. This might be useful in large environments running a cluster of DHCP servers. Using the memfile backend (which is a CSV file stored locally) is possible anyhow.
--enable-generate-docs: If documentation is to be rebuilt, add that option. Several dependencies must be installed for generating the documentation.
make -j1 install: ISC does not recommend any form of parallel or job server options when doing the install.
Configuring ISC Kea DHCP Server
The support of IPv4, IPv6 and DDNS has been split into separate servers which run independently from each other. Each of them has its own configuration file.
Consult the Kea Administrator Reference Manual for detailed information about the configuration of ISC Kea, as it is quite a capable system. The configuration shown below is a bare minimum to get a DHCP server running, but it already includes configuration for DDNS (Dynamic DNS). That setup might work for small networks with a few clients and low traffic. For larger installations with thousands of clients, ISC Kea can be configured to use databases (mariadb or postgresql) to store the leases and build a cluster with multiple nodes. It can be integrated with ISC Stork, which is a management dashboard for ISC Kea.
If you want to start the DHCP Server at boot, install the kea-dhcpd.service unit included in the blfs-systemd-units-20231205 package:
make install-kea-dhcpd
Config Files
/etc/kea/kea-ctrl-agent.conf, /etc/kea/kea-dhcp4.conf, /etc/kea/kea-dhcp6.conf, and /etc/kea/kea-dhcp-ddns.conf
Kea Configuration Using Systemd Units
Four service units are used to start various daemons provided by Kea:
- Control Agent
  The Control Agent is a daemon which allows the (re)configuration of the Kea DHCP service via REST API. Run systemctl enable kea-ctrl-agent if this daemon is needed.
- IPv4 DHCP server
  This daemon handles requests for IPv4 addresses. Run systemctl enable kea-dhcp4-server to have it started by systemd.
- IPv6 DHCP server
  This daemon handles requests for IPv6 addresses. Run systemctl enable kea-dhcp6-server to have it started by systemd.
- Dynamic DNS
  This daemon is used to update a DNS server dynamically when Kea assigns an IP address to a device. Run systemctl enable kea-ddns-server to have it started by systemd.
The Netconf service is not installed because required
dependencies are not covered by the current BLFS book.
Control Agent Configuration
The provided configuration could be used without changes but in BLFS, objects like sockets are stored in /run rather than in /tmp.
cat > /etc/kea/kea-ctrl-agent.conf << "EOF"
// Begin /etc/kea/kea-ctrl-agent.conf
{
  // This is a basic configuration for the Kea Control Agent.
  // RESTful interface to be available at http://127.0.0.1:8000/
  "Control-agent": {
    "http-host": "127.0.0.1",
    "http-port": 8000,
    "control-sockets": {
      "dhcp4": {
        "socket-type": "unix",
        "socket-name": "/run/kea4-ctrl-socket"
      },
      "dhcp6": {
        "socket-type": "unix",
        "socket-name": "/run/kea6-ctrl-socket"
      },
      "d2": {
        "socket-type": "unix",
        "socket-name": "/run/kea-ddns-ctrl-socket"
      }
    },
    "loggers": [
      {
        "name": "kea-ctrl-agent",
        "output_options": [
          {
            "output": "/var/log/kea-ctrl-agent.log",
            "pattern": "%D{%Y-%m-%d %H:%M:%S.%q} %-5p %m\n"
          }
        ],
        "severity": "INFO",
        "debuglevel": 0
      }
    ]
  }
}
// End /etc/kea/kea-ctrl-agent.conf
EOF
IPv4 DHCP Server Configuration
A sample configuration file is created in /etc/kea/kea-dhcp4.conf. Adjust the file to suit your needs or overwrite it by running the following command as the root user (you'll need to edit this file anyway: at least the interfaces field, the ddns-qualifying-suffix field, and almost all the fields in Subnet4):
cat > /etc/kea/kea-dhcp4.conf << "EOF"
// Begin /etc/kea/kea-dhcp4.conf
{
  "Dhcp4": {
    // Add names of your network interfaces to listen on.
    "interfaces-config": {
      "interfaces": [ "eth0", "eth2" ]
    },
    "control-socket": {
      "socket-type": "unix",
      "socket-name": "/run/kea4-ctrl-socket"
    },
    "lease-database": {
      "type": "memfile",
      "lfc-interval": 3600
    },
    "expired-leases-processing": {
      "reclaim-timer-wait-time": 10,
      "flush-reclaimed-timer-wait-time": 25,
      "hold-reclaimed-time": 3600,
      "max-reclaim-leases": 100,
      "max-reclaim-time": 250,
      "unwarned-reclaim-cycles": 5
    },
    "renew-timer": 900,
    "rebind-timer": 1800,
    "valid-lifetime": 3600,
    // Enable DDNS - Kea will dynamically update the DNS
    "ddns-send-updates" : true,
    "ddns-qualifying-suffix": "your.domain.tld",
    "dhcp-ddns" : {
      "enable-updates": true
    },
    "subnet4": [
      {
        "subnet": "192.168.56.0/24",
        "pools": [ { "pool": "192.168.56.16 - 192.168.56.254" } ],
        "option-data": [
          {
            "name": "domain-name",
            "data": "your.domain.tld"
          },
          {
            "name": "domain-name-servers",
            "data": "192.168.56.2, 192.168.3.7"
          },
          {
            "name": "domain-search",
            "data": "your.domain.tld"
          },
          {
            "name": "routers",
            "data": "192.168.56.2"
          }
        ]
      }
    ],
    "loggers": [
      {
        "name": "kea-dhcp4",
        "output_options": [
          {
            "output": "/var/log/kea-dhcp4.log",
            "pattern": "%D{%Y-%m-%d %H:%M:%S.%q} %-5p %m\n"
          }
        ],
        "severity": "INFO",
        "debuglevel": 0
      }
    ]
  }
}
// End /etc/kea/kea-dhcp4.conf
EOF
IPv6 DHCP Server Configuration
The configuration for IPv6 is similar to the configuration of IPv4. The configuration file is /etc/kea/kea-dhcp6.conf.
Dynamic DNS Configuration
If there is a BIND-9.18.20 server running, ISC Kea can update the DNS when it gives an IP address to a client. A sample configuration file is created in /etc/kea/kea-dhcp-ddns.conf. Adjust the file to suit your needs or overwrite it by running the following command as the root user:
cat > /etc/kea/kea-dhcp-ddns.conf << "EOF"
// Begin /etc/kea/kea-dhcp-ddns.conf
{
  "DhcpDdns": {
    "ip-address": "127.0.0.1",
    "port": 53001,
    "control-socket": {
      "socket-type": "unix",
      "socket-name": "/run/kea-ddns-ctrl-socket"
    },
    "tsig-keys": [
      {
        "name" : "rndc-key",
        "algorithm" : "hmac-sha256",
        "secret" : "1FU5hD7faYaajQCjSdA54JkTPQxbbPrRnzOKqHcD9cM="
      }
    ],
    "forward-ddns" : {
      "ddns-domains" : [
        {
          "name" : "your.domain.tld.",
          "key-name": "rndc-key",
          "dns-servers" : [
            {
              "ip-address" : "127.0.0.1",
              "port" : 53
            }
          ]
        }
      ]
    },
    "reverse-ddns" : {
      "ddns-domains" : [
        {
          "name" : "56.168.192.in-addr.arpa.",
          "key-name": "rndc-key",
          "dns-servers" : [
            {
              "ip-address" : "127.0.0.1",
              "port" : 53
            }
          ]
        }
      ]
    },
    "loggers": [
      {
        "name": "kea-dhcp-ddns",
        "output_options": [
          {
            "output": "/var/log/kea-ddns.log",
            "pattern": "%D{%Y-%m-%d %H:%M:%S.%q} %-5p %m\n"
          }
        ],
        "severity": "INFO",
        "debuglevel": 0
      }
    ]
  }
}
// End /etc/kea/kea-dhcp-ddns.conf
EOF
Note
The value of secret is just an example. Generate the key for your installation by using the rndc-confgen -a command or the tsig-keygen command, both of which are provided by BIND-9.18.20.
In this example configuration, it is assumed that the DNS server runs on the same machine as Kea does (accessible via 127.0.0.1) and that this machine has the IP 192.168.56.2.
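The heredoc above writes the sample secret into /etc/kea/kea-dhcp-ddns.conf, and a file created with cat > under a umask of 022 (assumed here) is readable by every local user. The following check is an added example, not part of the BLFS instructions; audit_ddns_conf is a hypothetical helper name and the demo input is constructed.

```shell
#!/bin/sh
# Added example (not from the BLFS book): audit kea-dhcp-ddns.conf before
# enabling kea-ddns-server. audit_ddns_conf is a hypothetical helper name.

# The sample TSIG secret printed in the configuration on this page.
EXAMPLE_SECRET='1FU5hD7faYaajQCjSdA54JkTPQxbbPrRnzOKqHcD9cM='

# audit_ddns_conf FILE: print each finding, return the number of findings.
audit_ddns_conf() {
    conf=$1
    findings=0
    # Take the first "secret" value found in the file (the tsig-keys entry).
    secret=$(sed -n 's/.*"secret"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' \
        "$conf" | head -n 1)
    if [ -z "$secret" ]; then
        echo "$conf: no TSIG secret found"
        findings=$((findings + 1))
    elif [ "$secret" = "$EXAMPLE_SECRET" ]; then
        echo "$conf: secret is the published sample value"
        findings=$((findings + 1))
    else
        # RFC 2104 discourages HMAC keys shorter than the hash output,
        # which is 32 bytes for hmac-sha256.
        bytes=$(printf '%s' "$secret" | base64 -d 2>/dev/null | wc -c | tr -d ' ')
        if [ "$bytes" -lt 32 ]; then
            echo "$conf: secret decodes to $bytes bytes, expected at least 32"
            findings=$((findings + 1))
        fi
    fi
    # The file holds a shared secret: group and other need no read access.
    case $(ls -ld "$conf" | cut -c1-10) in
        ????r*|???????r*)
            echo "$conf: readable by group or other"
            findings=$((findings + 1)) ;;
    esac
    return "$findings"
}

# Constructed demo input: a minimal DhcpDdns fragment carrying the sample
# secret, with the 0644 mode that "cat >" produces under umask 022.
demo=$(mktemp)
printf '%s\n' '{ "DhcpDdns": { "tsig-keys": [ {' '"name" : "rndc-key",' \
    '"algorithm" : "hmac-sha256",' "\"secret\" : \"$EXAMPLE_SECRET\"" \
    '} ] } }' > "$demo"
chmod 644 "$demo"
rc=0
audit_ddns_conf "$demo" || rc=$?
echo "findings: $rc"
rm -f "$demo"
```

Run it against the real file after substituting a key from tsig-keygen or rndc-confgen -a; the same key must be configured in BIND for the zones listed under forward-ddns and reverse-ddns.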