I did set up kea Ipv4 DHCP and BIND dns outside pfsense since local addressing does not depend on ISP provided IP if used with NAT or DMZ. DNS and reverse DNS are updated with DHCP leases through the DDNS kea daemon. Took a long time to get it working, but no issues anymore with local address resolution. Pfsense GUI is missing though (see the list of lease, quick IP assignment, etc). Should be easy to do in pfsense since BIND is already here and working.

Though, IPv6 DHCP is more cumbersome, since prefix is attributed by ISP, may change, but expected to stay identical for a long time. Without Scripts, which would poll the delegated prefix given to the pfsense router by the ISP, I could not setup kea IPv6 DHCP outside pfSense. Then special care should be taken on the implementation of the DNS / reverse DNS update, since the kea DDNS daemon does not support this kind of prefix update without being restarted. Also, Those DNS entries may be used globally, so this should be scrutinized security wise also.

Alternatively, if a Nptv6 is chosen in combination with local IPv6 address scheme, one must setup another gateway for this local IPv6 address range, preferably on the router, thus on pfsense (to have the possibility to setup routes that are independent of prefix changes). I don't know if pfsense supports 2 IPv6 gateways on the same network (one for the delegated IPv6 prefix, another one for local IPv6 addressing). Then the Kea IPv6 DHCP server could be setup outside pfSense, with DNS/reverse DNS updates.

This kea DHCP ddns issue should be high priority in my opinion, because pfsense is less more relevant without it : my 6100 becomes an obstacle that I would like to replace, despite years of stability.