Actions: | Security

Navigation: Home | Services | Tools | Articles | Other

Serving DHCP

"The Dynamic Host Configuration Protocol provides configuration parameters to Internet hosts"; this is the first line of the introduction to RFC2131 which defines the protocol.

The basic idea is that in order to obtain certain configuration details, a client will make a request to the network, often via broadcast. A DHCP server responds with everything that the client needs to correctly configure networking.

The predominant standalone dhcp server is dhcpd from ISC; it's probably included with your preferred unixlike OS distribution or at least available through its package management system.

Basic dhcpd configuration

The ISC dhcp server is configured in dhcpd.conf(5), and the man page is very good, with useful examples. Broadly, the way that it works is that you can specify options globally or individually by group, subnet or host.

Here's a starting point, which should be fairly self explanatory:

# option definitions common to all supported networks.
option domain-name "";
option domain-name-servers ns1.allgoodbitsorg,;
option ntp-servers;

ddns-update-style none;

#half a day
max-lease-time 43200;

subnet netmask {
       option routers;
subnet netmask {
       option routers;

I generally tend to allocate IP addresses statically on networks that I control so that each machine gets the same IP address every time; there are exceptions such as pools of addresses for guest devices and so on. This way the network provisioning and management is more predictable and DNS is a little easier to maintain. It also tends to make my dhcpd.conf files quite simple.

Now we can add stanzas for individual hosts:

host {
         hardware ethernet 00:14:22:44:e7:ce;

The declaration 'fixed-address' is slightly interesting; it can take either an IP address or a domain name that resolves to an IP address. Give it a domain name and dhcpd will lookup the address in DNS, which means that you don't have to change both dhcpd.conf and DNS when you re-IP a host.

The IP address should be valid for the network on which the client is booting, otherwise you'll get into difficulty: dhcpd won't offer it and even if it did the client couldn't use it.

If you want to offer a pool of dynamic addresses for guests, you probably want them on a particular subnet for easier firewalling/access control:

subnet netmask {
option routers;

       # Unknown clients get this pool.
       pool {
                max-lease-time 300;
                allow unknown-clients;

Shared networks

One time a network administrator came to me with the following problem:

"The DHCP server won't assign an address to this machine that has a valid host stanza in dhcpd.conf"

After asking a few questions, I determined that it was because the client was on a VLAN that spanned 2 non-contiguous subnets as defined in dhcpd.conf, so dhcpd thought that it was attempting to assign an address that was not valid for the network that the DHCPDISCOVER came in from.

The solution was simple, a shared network declaration that combined the two networks that were comprised that VLAN:

shared-network "NameOfVLAN" {
       subnet netmask {
              option routers;
       subnet netmask {
              option routers;

PXE booting

I'm a big fan of infrastructure management and that includes automated installations. I want to be able to plug a machine in and for it to install itself. This means using PXE and TFTP to get bootstrap code and an installation image.

As far as dhcpd is concerned we need a few extra lines of config:

allow bootp;
group {
# point to TFTP server to run an installer
   filename "file-to-be-TFTPed";
   host newhost1 {
        hardware ethernet aa:bb:cc:dd:ee:ff;