Introduction
DHCP (Dynamic Host Configuration Protocol) automatically assigns IP addresses and network configuration to devices on a network. It simplifies network administration by eliminating manual IP configuration.
This comprehensive guide covers DHCP protocol mechanics, lease process, options, and IPv6.
What is DHCP?
DHCP uses a client-server model where the DHCP server leases IP addresses to clients for a configurable duration.
Key Features
- Automatic IP Assignment: No manual IP configuration.
- Centralized Management: Single point of configuration.
- Lease Management: Temporary address assignment.
- Options: DNS, gateway, and other settings.
Lease Process (DORA)
Four-Step Process
Client                     Server
  |                          |
  |------ DISCOVER --------->|  (Broadcast)
  |                          |
  |<----- OFFER -------------|
  |     (Available IP)       |
  |                          |
  |------ REQUEST ---------->|
  |     (Request IP)         |
  |                          |
  |<----- ACKNOWLEDGE -------|
  |     (Lease confirmed)    |
Message Types
| Type | Code | Description |
|---|---|---|
| DHCPDISCOVER | 1 | Client broadcasts to find servers |
| DHCPOFFER | 2 | Server offers IP |
| DHCPREQUEST | 3 | Client requests IP |
| DHCPACK | 4 | Server confirms |
| DHCPNAK | 5 | Server denies |
| DHCPRELEASE | 6 | Client releases IP |
| DHCPINFORM | 7 | Client has IP, requests info |
Configuration
ISC DHCP Server
# /etc/dhcp/dhcpd.conf
# Global options
option domain-name "example.com";
option domain-name-servers 8.8.8.8, 8.8.4.4;
default-lease-time 600;
max-lease-time 7200;
# Subnet declaration
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.100 192.168.1.200;
    option routers 192.168.1.1;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.1.255;
}
# Reserved addresses
host printer {
    hardware ethernet 00:11:22:33:44:55;
    fixed-address 192.168.1.50;
}
Common Options
# DNS servers
option domain-name-servers 8.8.8.8, 8.8.4.4;
# Router/Gateway
option routers 192.168.1.1;
# Subnet mask
option subnet-mask 255.255.255.0;
# Broadcast address
option broadcast-address 192.168.1.255;
# NTP servers
option ntp-servers 0.pool.ntp.org;
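# VLAN (VLAN-ID is not a built-in dhcpd option; declare it with an
# "option ... code ... = ..." statement before using it)
option VLAN-ID 100;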
IPv6 DHCP (DHCPv6)
# /etc/dhcp/dhcpd6.conf
# Stateful DHCPv6
subnet6 2001:db8::/32 {
    range6 2001:db8::1000 2001:db8::2000;
    option dhcp6.name-servers 2001:db8::1;
    option dhcp6.domain-search "example.com";
}
# Stateless (SLAAC + RDNSS)
# Clients use SLAAC for address, DHCP for options
Python DHCP Client
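import os
import socket
import struct

# DHCP constants
DHCP_SERVER_PORT = 67
DHCP_CLIENT_PORT = 68

def discover_dhcp(mac=bytes.fromhex("001122334455")):  # placeholder MAC
    """Simplified DHCP discovery: broadcast one DHCPDISCOVER, return its transaction ID"""
    # Create UDP socket (binding to port 68 requires root)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
    sock.bind(('', DHCP_CLIENT_PORT))
    # Build DHCP Discover packet: 236-byte BOOTP header, magic cookie, options
    # (Simplified - a real client also handles the reply, retries and renewal)
    xid = os.urandom(4)
    packet = struct.pack('!BBBB4sHH16x16s192x', 1, 1, 6, 0, xid, 0, 0x8000, mac)
    packet += b'\x63\x82\x53\x63'       # magic cookie
    packet += bytes([53, 1, 1, 255])    # option 53 = DHCPDISCOVER, then end option
    sock.sendto(packet, ('255.255.255.255', DHCP_SERVER_PORT))
    sock.close()
    return xid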
Best Practices
- Use DHCP reservations for servers
- Configure appropriate lease times
- Set up DHCP failover
- Use VLANs to segment networks
- Document IP assignments
Modern DHCP Implementations
ISC Kea
# Kea DHCP configuration
{
    "Dhcp4": {
        "interfaces-config": {
            "interfaces": ["eth0"]
        },
        "lease-database": {
            "type": "mysql",
            "host": "localhost",
            "name": "kea_lease",
            "user": "kea",
            "password": "password"
        },
        "subnet4": [
            {
                "subnet": "192.168.1.0/24",
                "pools": [ { "pool": "192.168.1.100 - 192.168.1.200" } ],
                "option-data": [
                    {
                        "name": "routers",
                        "data": "192.168.1.1"
                    },
                    {
                        "name": "domain-name-servers",
                        "data": "8.8.8.8, 8.8.4.4"
                    }
                ]
            }
        ]
    }
}
OpenWrt DHCP Configuration
# /etc/config/dhcp
config dhcp 'lan'
    option interface 'lan'
    option start '100'
    option limit '150'
    option leasetime '12h'
    list dhcp_option '6,8.8.8.8,8.8.4.4'
    list dhcp_option '3,192.168.1.1'
Docker DHCP
# Docker networks can use DHCP
networks:
  dhcp-network:
    driver: bridge
    ipam:
      config:
        - subnet: 172.20.0.0/16
          ip_range: 172.20.10.0/24
DHCP Security
Rogue DHCP Detection
# Python script to detect rogue DHCP servers
import socket
import struct

def detect_rogue_dhcp():
    """Monitor for unauthorized DHCP servers"""
    # Listen on the DHCP client port (68), where server replies arrive
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind(('', 68))
    known_servers = ['192.168.1.1']  # Authorized servers
    while True:
        data, addr = sock.recvfrom(4096)
        if addr[0] not in known_servers:
            print(f"WARNING: Possible rogue DHCP server from {addr[0]}")
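An added example, not part of the original guide: the listener above judges every datagram on port 68 by source address alone, so this version parses the reply and checks both the source IP and the server identifier (option 54) against the allowlist, using the option 53 values from RFC 2132 (OFFER 2, ACK 5, NAK 6). The function names, the allowlist and the sample packets built by `build_reply` are constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
SERVER_TYPES = {2: "DHCPOFFER", 5: "DHCPACK", 6: "DHCPNAK"}  # option 53, RFC 2132

def parse_options(raw):
    """Walk the code/length/value options that follow the magic cookie."""
    opts, i = {}, 0
    while i < len(raw) and raw[i] != 255:      # 255 = end option
        if raw[i] == 0:                        # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError("truncated option")
        opts[raw[i]] = raw[i + 2:i + 2 + raw[i + 1]]
        i += 2 + raw[i + 1]
    return opts

def ip(b):
    return str(ipaddress.IPv4Address(b)) if len(b) == 4 else None

def check_reply(data, src_ip, authorized):
    """Return a finding dict for a server reply from an unlisted server, else None."""
    if len(data) < 240 or data[0] != 2 or data[236:240] != MAGIC_COOKIE:
        return None                            # not a BOOTREPLY with DHCP options
    try:
        opts = parse_options(data[240:])
    except ValueError:
        return None                            # malformed options, not evaluated here
    mtype = opts.get(53, b"")
    if len(mtype) != 1 or mtype[0] not in SERVER_TYPES:
        return None
    server_id = ip(opts.get(54, b""))
    if src_ip in authorized and server_id in (None, *authorized):
        return None
    return {"type": SERVER_TYPES[mtype[0]], "src": src_ip, "server_id": server_id,
            "offered_ip": ip(data[16:20]), "router": ip(opts.get(3, b"")[:4]),
            "client_mac": data[28:34].hex(":")}

def build_reply(mtype, yiaddr, server_id, router):
    """Build a constructed sample reply (test data, not captured traffic)."""
    pack = lambda a: ipaddress.IPv4Address(a).packed
    opt = lambda code, val: bytes([code, len(val)]) + val
    hdr = struct.pack("!BBBB4sHH4s4s4s4s16s64s128s", 2, 1, 6, 0, b"\x12\x34\x56\x78",
                      0, 0, b"", pack(yiaddr), b"", b"",
                      bytes.fromhex("001122334455"), b"", b"")
    return (hdr + MAGIC_COOKIE + opt(53, bytes([mtype])) + opt(54, pack(server_id))
            + opt(3, pack(router)) + b"\xff")
```

On a live network, pass each datagram and its source address from the listener's `recvfrom()` to `check_reply()`; where relay agents forward replies, the relay addresses belong in the allowlist too.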
DHCP Snooping
# Cisco switch DHCP snooping configuration
ip dhcp snooping
ip dhcp snooping vlan 10
ip dhcp snooping information option
interface GigabitEthernet1/0/1
 ip dhcp snooping trust
Troubleshooting DHCP
Common Issues
# Linux DHCP client troubleshooting
# Check DHCP lease
sudo dhclient -v eth0
# Release and renew
sudo dhclient -r eth0
sudo dhclient eth0
# Check lease file
cat /var/lib/dhcp/dhclient.leases
# Debug DHCP
sudo dhclient -d eth0
Packet Capture
# Wireshark filter for DHCP
# Display filter: bootp (renamed to dhcp in Wireshark 3.0 and later)
# Capture DHCP traffic
sudo tcpdump -i eth0 -nn port 67 or port 68
DHCP in Cloud Environments
AWS VPC DHCP
{
    "DhcpOptions": {
        "DhcpConfigurations": [
            {
                "Key": "domain-name-servers",
                "Values": ["AmazonProvidedDNS"]
            },
            {
                "Key": "ntp-servers",
                "Values": ["169.254.169.123"]
            }
        ]
    }
}
Kubernetes CNI DHCP
# CNI DHCP plugin configuration
{
    "cniVersion": "0.3.1",
    "type": "dhcp",
    "capabilities": {
        "dns": true
    }
}
Conclusion
DHCP is essential for efficient network management, reducing manual configuration and enabling centralized IP address management. In 2026, DHCP continues to evolve with better security features, cloud integration, and automation capabilities.
Key takeaways:
- Understand the DORA process for troubleshooting
- Use DHCP reservations for infrastructure devices
- Implement DHCP security to prevent rogue servers
- Leverage modern DHCP servers like ISC Kea
- Monitor and log DHCP activity