Kea DHCP: Modern, open source DHCPv4 and DHCPv6 server

Posted by doener 12/3/2025

Kea DHCP: Modern, open source DHCPv4 and DHCPv6 server(www.isc.org)

130 points | 53 commentspage 2

WarOnPrivacy 12/4/2025|

Once day I will stop procrastinating and migrate my pfsense boxes over to Kea. I hope I like it.

I'll be thrilled if the expected DNS integration works and I don't get the side effects I get now from ISC.

wpm 12/4/2025||

I did for like a day when I upgraded to 2.7, until I found out that Kea, at the time at least, did not do MAC address based IP reservations, and you had to use the client identifier instead. So all my static leases stopped working.

So I switched back to the old dhcpd. shrug I'm sure whatever was going on (dunno if it was ISC or Kea or pfsense et. al) has been fixed since then, but I can't upgrade to 2.8 without giving Netgate my personal data[1] so I have to switch to OPNSense anyways.

[1] aside, not to say I really blame Netgate, they do a lot of great work and commit a ton to FreeBSD, and they want to stop people abusing that by selling gateways and such with their work on them, but also...man just let me download the goddamn iso. At least let me compile 2.8 from source! The source isn't even available last I checked! I was fine compiling my own QAT driver. But alas...

parliament32 12/5/2025||

Kea itself seems to support it[1] so I guess it's a pfsense limitation. I haven't tried the switch myself but it's on the to-do list.

[1] "hw-address" here: https://kb.isc.org/docs/what-are-host-reservations-how-to-us...

gerdesj 12/4/2025||

I migrated my home router over to Kea and was distinctly unimpressed - it just carried on working 8) I do run a pretty full on pfBlocker-NG. I run quite a few other pfs too (31).

At work I have a CARP cluster of two elderly Dell servers with a lot of NICS. I have a change logged for next week.

Lammy 12/4/2025||

Kea has broken with my config twice now over as many years when upgrading versions. I regret jumping from ISC-DHCPd for my 2023 PF-box reinstall just because they called it “EOL”

denkmoon 12/4/2025||

I assume it's just how pfsense is using Kea, but moving to this has been a bit regretful. Since moving from the legacy one to Kea, my static reservations don't work first time. Clients get given an address from the pool and then some time later (hours) get their static reservation. No clue why, from reading doc it seems like this is intended behaviour and that static reservations are discouraged??

On isc-dhcp, clients got their static reservation straight up.

zenoprax 12/4/2025||

Do you mean "Static Mappings"? I have a couple dozen of those and had no issue during my pfSense upgrade. I also rely heavily on two settings in "Services > DHCP Server":

- [x] Enable DNS Registration (leases will auto-register with the DNS Resolver)

- [x] Enable Early DNS Registration (static mappings will auto-register with the DNS Resolver)

I do not use the "Create a static ARP table entry for this MAC & IP Address pair." option for individual static mappings.

Hopefully this helps you in your troubleshooting.

tw04 12/4/2025|||

I’ve got 60+ static reservations across multiple VLANs and don’t see this behavior. I’m not sure where you read it’s expected behavior, but it isn’t.

I’m guessing it’s something in you’re config.

denkmoon 12/4/2025||

on pfsense?

toast0 12/4/2025||

> Clients get given an address from the pool and then some time later (hours) get their static reservation.

I'm still on isc-dhcp (and not pfsense either) but is there a chance you have two DHCP servers running?

jesprenj 12/4/2025||

unfortunate that you can't start it without the ethernet interface in UP state. if you start it while the ethernet cable is disconnected, it will start the daemon but not actually "listen" on the device, even after the cable gets plugged in.

my solution: create a bridge with your ethernet device and add a dummy device and UP the said summy device, thereby UPing the bridge.

zombielinux 12/4/2025||

I've deployed Kea in some interesting applications. I quite like its failover options for redundancy purposes.

Definitely has a learning curve for odd devices that "support" DHCP, but I've been happy with how it works, its outputs, and how it can easily be segmented.

VTimofeenko 12/4/2025|

Can you expand on the applications you deployed kea in?

PikachuEXE 12/4/2025||

Migrated from ISC to Kea on OPNSense and zero issue so far

iwontberude 12/4/2025||

Moved a large enterprise deployment to kea and it’s been fantastic. Very easy to troubleshoot.

YouAreWRONGtoo 12/4/2025|

[dead]