Use Kea DHCP server as ISC DHCP server (dhcpd) is being phased out

The ISC DHCP server (dhcpd) was traditionally used to set up a DHCP server in Linux, but the software is reaching end-of-life, and the Internet Systems Consortium is now recommending their own Kea DHCP server or alternatives such as Dnsmasq or udhcpd (as found in Busybox) as a replacement.

I was unaware of this having just used the isc-dhcp-server package to set up a DHCP server in NanoPi R6C router/mini PC earlier this month. But a blog post on Ubuntu informed us dhcpd was going away, and Canonical plans to switch over the Kea DHCP server instead.

KEA DHCP server

The main difference from the user perspective is that Kea relies on JSON configuration files so all your dhcpd files will have to be rewritten.

Other highlights for the Kea DHCP server include:

  • Modular component design, extensible with hooks modules. Kea includes daemons for a DHCPv4 server, a DHCPv6 server, and a dynamic DNS (DDNS) module, and optional features are enabled with dynamically-loaded “hooks modules,” which you need run only if you are using them. It’s also possible to write your own hooks modules in C++.
  • On-line re-configuration with REST API. Kea uses a JSON configuration file that can be modified remotely via set commands and reloaded without stopping and restarting the server. While the ISC DHCP server needs to be restarted when updating the configuration.
  • Designed to integrate with your existing systems. Kea allows you to separate the data from the execution environment, so your network data – leases, host reservation definitions, and most configuration data – can be located separately from the DHCP server itself, using a Kea “backend” to store the data in MySQL or PostgreSQL databases
  • Web-based graphical dashboard. Kea has a graphical dashboard, called Stork, for monitoring multiple Kea servers. The system uses agents deployed on the Kea servers to relay information to a centralized management platform.
Kea Stork Screenshot
Kea Stork screenshot

Here’s an example of Kea JSON configuration file:


That’s quite different from your typical dhcpd.conf file. There’s already extensive documentation for the Kea DHCP server, and it is already officially supported in several Linux and BSD distributions including Alpine 3.12/3.13, CentOS 7/8, Debian 9/10/11, Fedora 33/34, FreeBSD 12.1/13.0, and Ubuntu 18.04/20.04/21.04.

There are several Kea packages in Ubuntu 22.04:


You can install a specific package:


or install them all:


You’ll find more details to build it from source, install it in your specific distro, and configuration in the Quick Start section of the documentation. The official project page may also have additional information.

Share this:

Support CNX Software! Donate via cryptocurrencies, become a Patron on Patreon, or purchase goods on Amazon or Aliexpress

Radxa Orion O6 Armv9 mini-ITX motherboard
Subscribe
Notify of
guest
The comment form collects your name, email and content to allow us keep track of the comments placed on the website. Please read and accept our website Terms and Privacy Policy to post a comment.
17 Comments
oldest
newest
Willy
1 year ago

Given the numerous deployments and the amount of software that were designed to interact with such config files and leases, purposely breaking compatibility with what is deployed is the best way to make sure that outdated and insecure versions will continue to run in field for the next decade. At the very least a compatibility mode would help with the transition. A smart move, really… Some people do not understand that for many users (especially in enterprise), config files are extremely precious assets. This is for example how rsyslog managed to take over sysklogd despite syslog-ng being known for longer… Read more »

andelf
andelf
1 year ago

This
For “normal” users, a compatibility layer is required. Personally, it’s not worth the energy to learn a whole new architecture.
The best migration I’ve yet seen is from docker to podman – the same commands are used, so the migration is basically “Remove docker. Symlink docker -> podman. Done”

David Willmore
David Willmore
1 year ago

Ugg, as someone just rolling out new servers in their home, I recenlty moved my ISC-DHCP server configs to new machines, so this is fresh in my memory. I’ve been using ISC-DHCP for over a decade. I know what I want out of a DHCP server and kea brings *nothing* to the table. As a matter of fact all the changes it makes are liabilities. JSON config? Why? If I decide to move (and not just stay with my current setup forever), it won’t be to kea as it offers me nothing that I see any value in. I have… Read more »

tkaiser
tkaiser
1 year ago

> Anyone got a recommendation for a DHCP server that supports server redundancy?

Just a suggestion if it’s your home (lab): if you increase lease time to a few days then once a DHCP server disappears you have some time to set up another fresh one that will then learn automagically from DHCP compliant clients the former MAC <–> IPA assignments (at least with dnsmasq it works that way, the internal ‘lease database’ of a new server will repopulate over time).

David Willmore
David Willmore
1 year ago

That’s an option, but I have come to enjoy having redundant DHCP servers because I have a lot of new devices coming on the network frequently–ESP dev boards, etc. I could just use non-redundant servers (I could keep a backup configured but not running) and do the work manually, but I have really come to like having the fault tolerant nature of the old ISC DHCP server.

tkaiser
tkaiser
1 year ago

> I could just use non-redundant servers

I was really talking about something different: using just one server (basic config in gitlab oder something like that) serving the clients. Once the server fails clients aren’t affected as long as the leases don’t expire, then setting up a new DHCP server (pulling in the config via git) will end up with the new server learning the assignments automagically. No redundancy at all just increasing lease times.

David Willmore
David Willmore
1 year ago

I understood that. I was just saying that (since I have redundant machines) I might as well pre-configure the ‘backup’ server and only have to start the service when I notice the primary has failed.

ManoftheSea
ManoftheSea
1 year ago

kb.isc.org/docs/migrating-from-isc-dhcp-to-kea-dhcp-using-the-migration-assistant
There’s a migration tool to convert the config files. Though, they suggest migrating when you’re changing something else too, which sounds like terrible advice.

David Willmore
David Willmore
1 year ago

If I ever read another article about ChatGPT, it will be too soon…

tkaiser
tkaiser
1 year ago

Well, seems to be the future of system administration. Just throw whatever task into that AI (artificial idiocy), trust blindly into the output, deploy it.

Nobody knows how the stuff works, why it works or why it doesn’t work. But ofc we have this already today. This Reddit Outage post mortem is really fun to read. What could go possibly wrong stacking up sh*tloads of complexity w/o anyone fully understanding what’s going on. 🙂

Willy
1 year ago

Some admins are discovering that it invents CVEs and Git commit IDs but they trust it 🙂 I showed to some how to make it invent them in a very trustable form, just by asking. When you see this, any admin should be scared to rely on it for their systems. They don’t understand the principle of predicting text, nowhere it’s claimed that in addition to looking valid it must be true, but it speaks with authority (in fact the same authority as some admins in certain enterprises who say bullshit all the day), so people will trust it.

David Willmore
David Willmore
1 year ago

Geeez! I thought it was silly to blindly trust things I found on stackexchange for sysadmin work, but just giving ChatGPT root??? That’s insane!

“You want SkyNet? That’s how you get SkyNet!”

David Jashi
1 year ago

I was begging it for an SVG file for a 3 by 4 by 5 triangle for half an hour out of sheer spite. It failed.

David Jashi
1 year ago

First and obvious question: is there a .conf convertion/migration tool available?

Rob Fowler
Rob Fowler
1 year ago

I went to technitium. It seems even faster than dnsmasq and has a nice gui. DNS, DHCP, caching, blocklists etc.

Boardcon Rockchip RK3588S SBC with 8K, WiFI 6, 4G LTE, NVME SSD, HDMI 2.1...