Skip to content

T8243: dhcp: add RFC9463 DNR support for Kea DHCPv4/DHCPv6#4975

Open
jd82k wants to merge 1 commit intovyos:currentfrom
jd82k:dnr
Open

T8243: dhcp: add RFC9463 DNR support for Kea DHCPv4/DHCPv6#4975
jd82k wants to merge 1 commit intovyos:currentfrom
jd82k:dnr

Conversation

@jd82k
Copy link
Contributor

@jd82k jd82k commented Feb 8, 2026

Change summary

Add CLI support for Discovery of Network-designated Resolvers (DNR) under DHCP option trees and render it to Kea option-data.

  • Add new DNR nodes for DHCPv4 and DHCPv6 option config:
    • priority
    • authentication-domain-name
    • address (v4/v6)
    • service-parameter (alpn/port/dohpath/raw)
  • Map DNR config in python/vyos/kea.py:
    • DHCPv4: emit a single v4-dnr option with instances joined by "|"
    • DHCPv6: emit one v6-dnr option per instance
  • Add smoke tests for DHCPv4 and DHCPv6 DNR rendering.

Note: SLAAC/RA DNR is not part of this commit; current router-advert backend (radvd) does not expose RFC9463 DNR option support.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Code style update (formatting, renaming)
  • Refactoring (no functional changes)
  • Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
  • Other (please describe):

Related Task(s)

https://vyos.dev/T8243

Related PR(s)

How to test / Smoketest result

Checklist:

  • I have read the CONTRIBUTING document
  • I have linked this PR to one or more Phabricator Task(s)
  • I have run the components SMOKETESTS if applicable
  • My commit headlines contain a valid Task id
  • My change requires a change to the documentation
  • I have updated the documentation accordingly

@github-actions
Copy link

github-actions bot commented Feb 8, 2026
edited
Loading

👍
No issues in PR Title / Commit Title

@jd82k jd82k force-pushed the dnr branch 2 times, most recently from f14b426 to 6ee7df5 Compare February 8, 2026 14:06
@c-po c-po self-requested a review February 9, 2026 08:24
@jd82k
Copy link
Contributor Author

jd82k commented Feb 9, 2026

I have read the CLA Document and I hereby sign the CLA

c-po
c-po requested changes Feb 15, 2026
View reviewed changes
c-po
c-po reviewed Feb 15, 2026
View reviewed changes
c-po
c-po reviewed Feb 15, 2026
View reviewed changes
Copy link
Member

@c-po c-po left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You should also probe in verify() that dohpath exists when required.

You should not rely on the KEA failsafe to not load an invalid config.

cpo@LR1.wue3# show service dhcp-server
 shared-network-name DNR {
     subnet 172.18.202.0/24 {
         option {
             dnr 10 {
+                address 1.2.3.4
                 authentication-domain-name resolver1.example
                 priority 100
+                service-parameter {
+                    alpn dot
+                    alpn h2
+                    port 853
+                }
             }
         }
         range zero {
             start 172.18.202.101
             stop 172.18.202.111
         }
         subnet-id 1
     }
 }
[edit]
cpo@LR1.wue3# commit
[ service dhcp-server ]
Unexpected error with Kea configuration: option data does not match
option definition (space: dhcp4, code: 162): DHCPv4 Encrypted DNS Option
(162) malformed: Wrong Svc Params syntax - dohpath SvcParam missing.
When alpn SvcParam indicates support for HTTP, dohpath must be present.
(/run/kea/kea-dhcp4.conf:54:33) (/run/kea/kea-dhcp4.conf:41:5)
[[service dhcp-server]] failed
Commit failed

@c-po c-po requested a review from sarthurdev February 15, 2026 09:51
@jd82k jd82k requested a review from c-po February 18, 2026 00:05
@sarthurdev
Copy link
Member

sarthurdev commented Feb 18, 2026

Smoketests failing

DEBUG - ======================================================================
DEBUG - ERROR: test_dhcp_single_pool_dnr_option (__main__.TestServiceDHCPServer.test_dhcp_single_pool_dnr_option)
DEBUG - ----------------------------------------------------------------------
DEBUG - Traceback (most recent call last):
DEBUG -   File "/usr/libexec/vyos/tests/smoke/cli/test_service_dhcp-server.py", line 535, in test_dhcp_single_pool_dnr_option
DEBUG -     self.cli_commit()
DEBUG -   File "/usr/libexec/vyos/tests/smoke/cli/base_vyostest_shim.py", line 110, in cli_commit
DEBUG -     return self._session.commit()
DEBUG -            ^^^^^^^^^^^^^^^^^^^^^^
DEBUG -   File "/usr/lib/python3/dist-packages/vyos/configsession.py", line 325, in commit
DEBUG -     out = self.__run_command([COMMIT])
DEBUG -           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
DEBUG -   File "/usr/lib/python3/dist-packages/vyos/configsession.py", line 252, in __run_command
DEBUG -     raise ConfigSessionError(output)
DEBUG - vyos.configsession.ConfigSessionError: [ service dhcp-server ]
DEBUG - Unexpected error with Kea configuration: option data does not match
DEBUG - option definition (space: dhcp4, code: 162): DHCPv4 Encrypted DNS Option
DEBUG - (162) malformed: Wrong Svc Params syntax - dohpath SvcParamValue URI
DEBUG - Template MUST contain a 'dns' variable. (/run/kea/kea-dhcp4.conf:54:33)
DEBUG - (/run/kea/kea-dhcp4.conf:41:5)
DEBUG - [[service dhcp-server]] failed
DEBUG - Commit failed

DEBUG - ======================================================================
DEBUG - ERROR: test_dnr_options (__main__.TestServiceDHCPv6Server.test_dnr_options)
DEBUG - ----------------------------------------------------------------------
DEBUG - Traceback (most recent call last):
DEBUG -   File "/usr/libexec/vyos/tests/smoke/cli/test_service_dhcpv6-server.py", line 272, in test_dnr_options
DEBUG -     self.cli_commit()
DEBUG -   File "/usr/libexec/vyos/tests/smoke/cli/base_vyostest_shim.py", line 110, in cli_commit
DEBUG -     return self._session.commit()
DEBUG -            ^^^^^^^^^^^^^^^^^^^^^^
DEBUG -   File "/usr/lib/python3/dist-packages/vyos/configsession.py", line 325, in commit
DEBUG -     out = self.__run_command([COMMIT])
DEBUG -           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
DEBUG -   File "/usr/lib/python3/dist-packages/vyos/configsession.py", line 252, in __run_command
DEBUG -     raise ConfigSessionError(output)
DEBUG - vyos.configsession.ConfigSessionError: [ service dhcpv6-server ]
DEBUG - Unexpected error with Kea configuration: option data does not match
DEBUG - option definition (space: dhcp6, code: 144): DHCPv6 Encrypted DNS Option
DEBUG - (144) malformed: Wrong Svc Params syntax - dohpath SvcParamValue URI
DEBUG - Template MUST contain a 'dns' variable. (/run/kea/kea-dhcp6.conf:42:33)
DEBUG - (/run/kea/kea-dhcp6.conf:33:5)
DEBUG - [[service dhcpv6-server]] failed
DEBUG - Commit failed

@jd82k
Copy link
Contributor Author

jd82k commented Feb 18, 2026

Smoketests failing

DEBUG - ======================================================================
DEBUG - ERROR: test_dhcp_single_pool_dnr_option (__main__.TestServiceDHCPServer.test_dhcp_single_pool_dnr_option)
DEBUG - ----------------------------------------------------------------------
DEBUG - Traceback (most recent call last):
DEBUG -   File "/usr/libexec/vyos/tests/smoke/cli/test_service_dhcp-server.py", line 535, in test_dhcp_single_pool_dnr_option
DEBUG -     self.cli_commit()
DEBUG -   File "/usr/libexec/vyos/tests/smoke/cli/base_vyostest_shim.py", line 110, in cli_commit
DEBUG -     return self._session.commit()
DEBUG -            ^^^^^^^^^^^^^^^^^^^^^^
DEBUG -   File "/usr/lib/python3/dist-packages/vyos/configsession.py", line 325, in commit
DEBUG -     out = self.__run_command([COMMIT])
DEBUG -           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
DEBUG -   File "/usr/lib/python3/dist-packages/vyos/configsession.py", line 252, in __run_command
DEBUG -     raise ConfigSessionError(output)
DEBUG - vyos.configsession.ConfigSessionError: [ service dhcp-server ]
DEBUG - Unexpected error with Kea configuration: option data does not match
DEBUG - option definition (space: dhcp4, code: 162): DHCPv4 Encrypted DNS Option
DEBUG - (162) malformed: Wrong Svc Params syntax - dohpath SvcParamValue URI
DEBUG - Template MUST contain a 'dns' variable. (/run/kea/kea-dhcp4.conf:54:33)
DEBUG - (/run/kea/kea-dhcp4.conf:41:5)
DEBUG - [[service dhcp-server]] failed
DEBUG - Commit failed

DEBUG - ======================================================================
DEBUG - ERROR: test_dnr_options (__main__.TestServiceDHCPv6Server.test_dnr_options)
DEBUG - ----------------------------------------------------------------------
DEBUG - Traceback (most recent call last):
DEBUG -   File "/usr/libexec/vyos/tests/smoke/cli/test_service_dhcpv6-server.py", line 272, in test_dnr_options
DEBUG -     self.cli_commit()
DEBUG -   File "/usr/libexec/vyos/tests/smoke/cli/base_vyostest_shim.py", line 110, in cli_commit
DEBUG -     return self._session.commit()
DEBUG -            ^^^^^^^^^^^^^^^^^^^^^^
DEBUG -   File "/usr/lib/python3/dist-packages/vyos/configsession.py", line 325, in commit
DEBUG -     out = self.__run_command([COMMIT])
DEBUG -           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
DEBUG -   File "/usr/lib/python3/dist-packages/vyos/configsession.py", line 252, in __run_command
DEBUG -     raise ConfigSessionError(output)
DEBUG - vyos.configsession.ConfigSessionError: [ service dhcpv6-server ]
DEBUG - Unexpected error with Kea configuration: option data does not match
DEBUG - option definition (space: dhcp6, code: 144): DHCPv6 Encrypted DNS Option
DEBUG - (144) malformed: Wrong Svc Params syntax - dohpath SvcParamValue URI
DEBUG - Template MUST contain a 'dns' variable. (/run/kea/kea-dhcp6.conf:42:33)
DEBUG - (/run/kea/kea-dhcp6.conf:33:5)
DEBUG - [[service dhcpv6-server]] failed
DEBUG - Commit failed

Now it should work well.

dmbaturin
dmbaturin approved these changes Feb 19, 2026
View reviewed changes
Copy link
Member

@dmbaturin dmbaturin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't see any issues offhand now. We generally prefer using vyos.utils.dict.dict_search rather than .get() but for single-level keys it doesn't really matter.

@jd82k @c-po
T8243: dhcp: add RFC9463 DNR support for Kea DHCPv4/DHCPv6
706b936 
Add CLI support for Discovery of Network-designated Resolvers (DNR)
under DHCP option trees and render it to Kea option-data.

- Add new DNR nodes for DHCPv4 and DHCPv6 option config:
  - priority
  - authentication-domain-name
  - address (v4/v6)
  - service-parameter (alpn/port/dohpath/raw)
- Map DNR config in python/vyos/kea.py:
  - DHCPv4: emit a single v4-dnr option with instances joined by "|"
  - DHCPv6: emit one v6-dnr option per instance
- Add smoke tests for DHCPv4 and DHCPv6 DNR rendering.

Note: SLAAC/RA DNR is not part of this commit; current router-advert
backend (radvd) does not expose RFC9463 DNR option support.
@github-actions
Copy link

github-actions bot commented Feb 19, 2026

CI integration ❌ failed!

Details

CI logs

  • CLI Smoketests 👍 passed
  • CLI Smoketests (interfaces only) ❌ failed
  • Config tests 👍 passed
  • RAID1 tests 👍 passed
  • CLI Smoketests VPP ❌ failed
  • Config tests VPP 👍 passed
  • TPM tests 👍 passed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dmbaturin dmbaturin dmbaturin approved these changes

@sarthurdev sarthurdev Awaiting requested review from sarthurdev

@c-po c-po Awaiting requested review from c-po

Requested changes must be addressed to merge this pull request.

Assignees

@jd82k jd82k

Labels

current rebase

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jd82k @sarthurdev @dmbaturin @c-po

Comments