core icon indicating copy to clipboard operation
core copied to clipboard
verified publisher icon opnsense

Support static DNS mappings using Kea DHCP.

Open reitermarkus opened this issue 1 year ago • 4 comments

Closes https://github.com/opnsense/core/issues/7307.

reitermarkus avatar Apr 05 '24 08:04 reitermarkus

I've added https://github.com/opnsense/core/commit/14cc9a1c2f and https://github.com/opnsense/core/commit/b53fe7c1d9 to avoid tainting private static_mapping consumers after discussion with @AdSchellevis.

I'm not against this, but this needs careful crafting because the current PR is (in light of the impending breakage it would have created above) not complete. Here are a few thoughts:

  • For one the action is not required and shouldn't be added until its needed.
  • You should check if the static mapping's server is actually enabled.
  • Given the lack of an IPv6 kea implementation we shouldn't mess with looping over IPv6 entries that don't exist.

Cheers, Franco

fichtner avatar Apr 05 '24 10:04 fichtner

For one the action is not required and shouldn't be added until its needed.

So the action is not needed for the plugin function to work? Where is the list.static action for dhcpd needed, as I based this off of this and this doesn't seem to be used anywhere?

You should check if the static mapping's server is actually enabled.

This is now checked.

Given the lack of an IPv6 kea implementation we shouldn't mess with looping over IPv6 entries that don't exist.

I have removed the useless loop.

reitermarkus avatar Apr 05 '24 20:04 reitermarkus

@fichtner, can you have another look here?

reitermarkus avatar Apr 16 '24 11:04 reitermarkus

I would love to see it in the next release :)

dMopp avatar May 05 '24 18:05 dMopp

Merged, thanks!

fichtner avatar May 17 '24 08:05 fichtner

Just for myself: that means it will be part of the NEXT release, right?

dMopp avatar May 18 '24 16:05 dMopp

Next development version. Final release in 24.1.9 most likely.

fichtner avatar May 18 '24 18:05 fichtner

opnsense-patch 139a3ad Works well :). Thanks. Next stop: dynamic leases into unbound 👯‍♂️

dMopp avatar May 21 '24 11:05 dMopp

It's not the full patching. I'd say it works but I'd rather have confirmation on latest development state because there it works without the obvious issues it introduces into the wider system.

fichtner avatar May 21 '24 13:05 fichtner

Yeah, all fine, for "me" it seems to work fine. And i can always revert if in case of any issues

dMopp avatar May 21 '24 14:05 dMopp

Well, the point was that if the actual development state is tested it helps us more to ship the feature than cherry-picking the PR commit because mistakes can happen. I know it works as a concept because it was reviewed and merged, but it doesn't reflect the full state of changes necessary. That's all.

fichtner avatar May 22 '24 05:05 fichtner

Ah, okay I understood. Might consider it, but it might affect the woman acceptance factor 😅

dMopp avatar May 22 '24 05:05 dMopp

We all have our reasons, no problem. I just wanted to get that point across. In any case kudos for using opnsense-patch to subvert the WAF. ;)

fichtner avatar May 22 '24 06:05 fichtner