Module_19a_DHCP

Uploaded by

juliopetronilo

INFO-3182 Operating Systems Linux

Module 19 Dynamic Host Configuration Protocol

Introduction

This document discusses the installation and configuration of the IPv4 Dynamic Host Configuration
Protocol service on Linux. IPv6 services can be configured in similar ways but are normally used to
provide only the optional information. SLAAC is widely used to compute IPv6 addresses rather than
assigning them.

Dynamic Host Configuration Protocol

The Dynamic Host Configuration Protocol (DHCP) is a network protocol designed to permit the
automatic allocation of IP addresses to host systems in a controlled manner. Each host that requests an
address is assigned one for a limited time; this is known as leasing an address. In addition to assigning IP
addresses, DHCP can also provide optional information to hosts such as default gateway addresses, DNS
server addresses, DNS search domains, and much more.

DHCP is an alternative to the older BOOTP protocol and has almost completely replaced it.

When a host system that is configured to use DHCP boots, it sends an Ethernet broadcast packet
containing a TCP/IP broadcast message requesting an IP address to all devices on its local Layer 2
network segment. If there are any DHCP servers on the network, they will all send a response to the
host offering an address if one is available. The host accepts the first response received and then gets
any optional information from the server providing the accepted response.

The host is then allowed to use the leased address for the duration of the lease. Halfway through the
lease period, the host will automatically request a renewal of the lease, thus attempting to keep the
same leased address as long as possible.

It is also possible for a DHCP server to be configured to always provide a host with the same address,
based on the host’s Media Access Control (MAC) address. This is known as a DHCP reservation and must
be manually configured by an administrator for each host.

Sometimes, DHCP servers are not connected directly to the same Layer 2 network as the hosts they
serve. In this case, a DHCP relay is used to pass requests from the local network to the DHCP server.
DHCP relay services can be configured on many network devices and on Linux systems.

DHCP services on Linux systems

Many Linux distributions have three services available for DHCP.

• DHCP client – This service is used by a Linux system to obtain its own IP address(es) via DHCP. It
is installed by default on all Linux systems.
• DHCP server – This optional service is installed and configured when a Linux system is being
used as a DHCP server. On CentOS Stream 9, the dhcp-server package is usually used, and on
Ubuntu 24.04 the isc-dhcp-server package is the preferred one. Both packages provide
implementations of the ISC DHCP server, which is the reference standard implementation for
Linux.
• DHCP relay – This service is used when a Linux system is to act as a DHCP relay agent on the
local Layer 2 network for a DHCP server located in a different network. The ISC reference
standard implementation is usually used for this service as well. This service is dhcp-relay on
CentOS Stream 9 and isc-dhcp-relay on Ubuntu 24.04.

This document focuses on the DHCP server service, using an Ubuntu 24.04 server for most examples.

Installing the DHCP server service

The DHCP server service is usually installed using the package manager on the Linux system that will run
the service. On Ubuntu 24.04 the commands used are:

sudo apt-get update
sudo apt-get install isc-dhcp-server

On CentOS Stream 9, the command is:


sudo dnf install dhcp-server

On Ubuntu 24.04 the isc-dhcp-server service is enabled and started as part of the package installation.
On CentOS Stream 9 the service is named dhcpd and is disabled by default.

DHCP uses port 67/UDP for its communications, but the necessary firewall rules are not added by either
package.

For Ubuntu 24.04 add the firewall rule:


sudo ufw allow 67/udp

And for CentOS Stream 9 the firewall rule is added using:


sudo firewall-cmd --permanent --add-port=67/udp
sudo firewall-cmd --reload

Configuring a DHCP server

Systems running a DHCP server need to have static IP addresses on the network adapters through which
they will be accepting and responding to DHCP requests. This makes sense: a DHCP request must go to a
DHCP server that can respond to it if an address is to be assigned, and DHCP requests always start with
an Ethernet broadcast packet.

The configuration file for the DHCP servers installed above is /etc/dhcp/dhcpd.conf. On an Ubuntu
system, this file contains some basic options, but all the scopes in the file are commented out examples.
On CentOS Stream 9, the provided file has a comment in it directing the user to the location of the
sample file and documentation. These non-functional configuration files are provided intentionally to
prevent the accidental introduction of a rogue DHCP server into a network. Putting a rogue DHCP server
into a network is a favourite hacking method, with the intent of directing users’ traffic to a hacker’s
system, usually for man-in-the-middle attacks.
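
Detecting the rogue server described above comes down to checking which server answered a request. The following is an added example, not part of the original handout: it parses DHCP reply payloads and reports any server identifier (option 54) that is not on an allowlist. The AUTHORISED address, the function names and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # start of the DHCP options field (RFC 2131)
OFFER, ACK = 2, 5                   # option 53 values a server sends
AUTHORISED = {"192.168.101.2"}      # assumption: the legitimate server's address

def parse_reply(payload):
    """Return (msg_type, server_id, offered_ip) for a DHCP server reply, else None."""
    # 236-byte BOOTP header, then the cookie; op == 2 means BOOTREPLY.
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC_COOKIE:
        return None
    offered = str(ipaddress.IPv4Address(payload[16:20]))  # yiaddr field
    msg_type, server_id, i = None, None, 240
    while i < len(payload) and payload[i] != 255:         # 255 = end option
        if payload[i] == 0:                               # pad: no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            return None                                   # truncated option
        code, length = payload[i], payload[i + 1]
        data = payload[i + 2:i + 2 + length]
        if len(data) != length:
            return None                                   # truncated option
        if code == 53 and length == 1:
            msg_type = data[0]
        elif code == 54 and length == 4:
            server_id = str(ipaddress.IPv4Address(data))
        i += 2 + length
    return msg_type, server_id, offered

def rogue_servers(payloads, authorised=AUTHORISED):
    """Server identifiers in OFFER/ACK replies that are not on the allowlist."""
    seen = set()
    for msg_type, server_id, _ in filter(None, map(parse_reply, payloads)):
        if msg_type in (OFFER, ACK) and server_id not in authorised:
            seen.add(server_id or "missing-server-id")
    return sorted(seen)

def build_reply(msg_type, server_ip, offered_ip):
    """Build a minimal reply; used only to construct sample data for this example."""
    fixed = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234, 0, 0)           # op..flags
    fixed += bytes(4) + ipaddress.IPv4Address(offered_ip).packed + bytes(8)
    fixed += bytes(16 + 64 + 128)                                       # chaddr, sname, file
    opts = bytes([53, 1, msg_type, 54, 4]) + ipaddress.IPv4Address(server_ip).packed
    return fixed + MAGIC_COOKIE + opts + b"\xff"

SAMPLE = [build_reply(OFFER, "192.168.101.2", "192.168.101.200"),   # constructed
          build_reply(OFFER, "192.168.101.66", "192.168.101.77")]   # constructed
```

Calling rogue_servers(SAMPLE) returns the one server identifier that is not in AUTHORISED.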

A DHCP scope is the definition of a set of addresses within the same network space and associated
options used to provide IP address information to client systems.

This means that an administrator must configure at least one scope for a DHCP server before it can be
used.

The dhcpd.conf file provided by the Ubuntu package contains the following default configuration
settings at the global level (they are used in all scopes unless overridden in individual scopes):
option domain-name "example.org";

This option defines the DNS domain name that is to be used by all hosts receiving addresses from this
server, unless it is overridden in a scope.
option domain-name-servers ns1.example.org, ns2.example.org;

This option specifies the DNS servers to be used by all hosts receiving their IP addresses from this server,
unless overridden in a scope. The example in the file uses host names for the DNS servers, but it is more
common and reliable to use IP addresses.
default-lease-time 600;

This option specifies that a normal lease duration is 600 seconds (10 minutes). Renewal attempts will
start 300 seconds after the lease is granted or renewed. This may seem a short lease time. However,
with the number of mobile and portable devices in use today, this is a reasonable time.
max-lease-time 7200;

This option specifies the maximum time, in seconds, a lease can be held by a system without renewal. It
is intended as a safeguard against DHCP server failure or loss of connectivity to the DHCP server,
preventing client disconnection because the DHCP server cannot be found.
ddns-update-style none;

Modern versions of DHCP and DNS permit dynamic DNS updates when DHCP leases are granted and
then expire. This option is used to control whether dynamic DNS is supported by the current instance of
the DHCP server. By default, this functionality is disabled for security and because not all versions of
DHCP and DNS support dynamic DNS.

The following configuration example is a working scope configuration for the 192.168.101.0/24 network.
The addresses 192.168.101.200 through 192.168.101.250 can be leased by hosts with a subnet mask of
255.255.255.0 (/24).
subnet 192.168.101.0 netmask 255.255.255.0 {
  range 192.168.101.200 192.168.101.250;
  option routers 192.168.101.1;
  option domain-name-servers 192.168.91.2;
  option domain-name "example.com";
  option subnet-mask 255.255.255.0;
  default-lease-time 600;
  max-lease-time 7200;
}

The options specified with the scope override any that are declared at the global level. In the example
scope, some of these have the same values as the global option settings.

NOTE: For those familiar with the Microsoft implementation of DHCP, there is no direct equivalent to
the exclusion range functionality found in the Microsoft DHCP server. To exclude a range of addresses
within a subnet from being allocated to hosts via DHCP, do not include them in any range clause in the
scope (multiple range clauses are permitted within a subnet’s scope definition).

DHCP reservations can be created for hosts using addresses that are not in the range clauses of the
subnet definition for the network where each host is located. To do this, create a host definition for
each host that includes the host’s MAC address and either the IP address being reserved or a DNS-resolvable
hostname for it. The remaining configuration information will be taken from the subnet that contains
the allocated IP address. See the documentation for details (man dhcpd.conf). For example:
host server1 {
  hardware ethernet 08:00:07:26:c0:a5;
  fixed-address 192.168.101.50;
}

This causes DHCP to assign the specified IP address to the host with the specified MAC address, provided
there is a scope (subnet definition) on the server for that address space, and the host is connected to a
network that uses that address space.

Alternatively, the FQDN for the system can be specified as shown below.
host server1 {
  hardware ethernet 08:00:07:26:c0:a5;
  fixed-address server1.example.com;
}

The above host definition causes DHCP to query DNS for the IP address(es) that match the given FQDN.
DHCP then sends the host the IP address associated with the FQDN for the network from which the host
requests an address.

In either of the above cases, if no match can be found for an assigned address for the host in the
network from which it is requesting an address, it will be treated like any other DHCP client from the
network where it is located, and dynamically assigned an address if one is available.
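
The reservation rules above can be checked before the service is restarted. This added example (not from the original handout or the ISC project) reads a dhcpd.conf text and flags fixed addresses that fall inside a range clause or that no subnet declaration covers. It handles only flat subnet and host blocks like those shown here and skips FQDN reservations; the hosts other than server1 in the sample are constructed.

```python
import ipaddress
import re

# Patterns for the flat declarations used in this document (no nested blocks).
SUBNET_RE = re.compile(r"\bsubnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", re.S)
RANGE_RE = re.compile(r"\brange\s+(\S+)\s+(\S+)\s*;")
HOST_RE = re.compile(r"\bhost\s+(\S+)\s*\{(.*?)\}", re.S)
FIXED_RE = re.compile(r"\bfixed-address\s+(\S+?)\s*;")

def check_reservations(conf_text):
    """Return (host, problem) tuples for reservations that conflict with the declared scopes."""
    text = re.sub(r"#.*", "", conf_text)                 # strip comments
    subnets = []                                         # [(network, [(low, high), ...])]
    for net, mask, body in SUBNET_RE.findall(text):
        ranges = [(ipaddress.ip_address(lo), ipaddress.ip_address(hi))
                  for lo, hi in RANGE_RE.findall(body)]
        subnets.append((ipaddress.ip_network(f"{net}/{mask}"), ranges))
    problems = []
    for name, body in HOST_RE.findall(text):
        fixed = FIXED_RE.search(body)
        if not fixed:
            continue
        try:
            addr = ipaddress.ip_address(fixed.group(1))
        except ValueError:
            continue                                     # FQDN form: needs DNS, not checked
        covering = [ranges for network, ranges in subnets if addr in network]
        if not covering:
            problems.append((name, "no subnet declaration covers this address"))
        elif any(lo <= addr <= hi for ranges in covering for lo, hi in ranges):
            problems.append((name, "address is inside a dynamic range"))
    return problems

# Constructed sample: the scope and server1 come from this document, the rest are invented.
SAMPLE_CONF = """
subnet 192.168.101.0 netmask 255.255.255.0 {
  range 192.168.101.200 192.168.101.250;
  option routers 192.168.101.1;
}
host server1  { hardware ethernet 08:00:07:26:c0:a5; fixed-address 192.168.101.50; }
host printer1 { hardware ethernet 08:00:07:26:c0:a6; fixed-address 192.168.101.210; }
host lab1     { hardware ethernet 08:00:07:26:c0:a7; fixed-address 10.0.0.5; }
host server2  { hardware ethernet 08:00:07:26:c0:a8; fixed-address server1.example.com; }
"""
```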

After modifying the /etc/dhcp/dhcpd.conf file, the service (isc-dhcp-server on Ubuntu 24.04, dhcpd on
CentOS Stream 9) must be restarted for the changes to take effect. Restarting the service does not affect
any existing leases. Use the restart command with systemctl; reload is not implemented for these
services and produces error messages when used.

Testing a DHCP server configuration

The configuration of a DHCP scope can be complex. The example above is relatively straightforward, but
it is still easy to make mistakes in it. The program that runs the DHCP service, dhcpd, provides a test mode.
This allows a configuration file to be checked for syntax errors and some semantic errors before
attempting to use it.

When the file being modified is /etc/dhcp/dhcpd.conf, the test can be done by running the command:
sudo dhcpd -t

If another file is being created, its name can be specified on the command line.

When this command reports errors, start with the first error listed in the output and work downwards
through the list of errors. Rerun the test after fixing each error; multiple reported errors are often
addressed by fixing one real error.
