What is DHCP? Dynamic Host Configuration Protocol Guide
Without DHCP, it is difficult to imagine how we would be able to connect to the internet or our local network. DHCP is a vital part of how our devices on IP networks communicate with each other and the world around us. This article will cover DHCP in-depth, explaining what it is, how it works, its components, logging, configuration, and its benefits.
Whether you are setting up a server for the first time or managing an existing DHCP infrastructure, there are some key concepts that you need to understand. Various types of malware attacks in the past have been linked to DHCP poisoning and other forms of cyber attacks.
What is DHCP protocol?
DHCP stands for Dynamic Host Configuration Protocol. It is a network management protocol that allows computers to automatically obtain IP (Internet Protocol) addresses and other basic configuration information when they connect to a network. DHCP enables devices on IP networks to be connected remotely and easily, without any manual intervention or changes required by the administrator.
IETF (Internet Engineering Task Force) standardised DHCP in 1993.
DHCP is based on the Bootstrap Protocol (BOOTP), which was developed in 1985 to address the same issue of automatically configuring IP addresses. DHCP is an extension of BOOTP and includes additional features such as the ability to dynamically assign IP addresses and lease times, DHCP options, and support for other DHCP servers.
What is the purpose of DHCP?
Dynamic Host Configuration Protocol assigns IP addresses and other information to the host computer. The DHCP server assigns IP addresses to every host, like 172.16.0.1 or 10.10.10…
Is DHCP necessary?
While DHCP is an essential part of our network’s function, it is not strictly necessary. Some organisations may choose to manually configure IP addresses (static IP address), hostnames and other configuration information for each device on the network rather than using DHCP. However, DHCP offers several advantages over manual configuration, including easier IP address management and reduced risk of configuration errors when making changes.
A static IP address is also less flexible: it must be manually configured on each device, with relevant information such as a specific subnet broadcast address and network address, every time its configuration changes. Static addresses are not suitable for devices that are frequently moved or mobile. DHCP is, therefore, the preferred option for most networks, whether they are small home networks or large enterprise organisations.
Why is DHCP important?
DHCP is important because it allows for the automatic configuration of network devices. When a new device is connected to the network, it can automatically receive an IP address and other necessary configuration information from the DHCP server. This eliminates the need for manual configuration of each new device, which can be time-consuming and error-prone.
Dynamic Host Configuration Protocol v6 (DHCPv6)
DHCP v6 is a DHCP extension used to assign IPv6 addresses and other configuration information to network devices. Like DHCPv4, DHCPv6 allows for easier IP address management of networks and reliable IP address configuration. It is widely supported by operating systems and networking equipment, making it an essential component of any modern network infrastructure.
What is the difference between DHCP and DHCPv6?
DHCP, or Dynamic Host Configuration Protocol, is used to assign IP addresses to network devices dynamically. DHCPv6 is a version of DHCP that is designed for IPv6 networks.
DHCPv6 vs DHCPv4
One key difference between DHCP and DHCPv6 is the address pool size. DHCPv6 uses unique identifiers, not MAC addresses as in DHCP, which is a more secure approach.
Another difference is that DHCP uses broadcast messages to communicate with devices on the network, while DHCPv6 uses multicast messages. It means that DHCPv6 can more easily scale to larger, more complex networks.
Overall, DHCP and DHCPv6 are two complementary protocols that work together to assign IP addresses and other network settings to devices on a network. While DHCPv6 is the newer of the two protocols, it can be used alongside DHCP in many modern networks. Whether you need DHCP or DHCPv6 will
DHCP and DHCPv6 are valuable tools for dynamically assigning IP addresses to network devices. While DHCP is more limited in address pool size and IP configuration options, it remains popular due to easier management and low overhead. DHCPv6, on the other hand, offers advanced features and is the preferred choice for most modern networks.
How does DHCP work?
The DHCP protocol is based on a client/server model. A DHCP server is responsible for assigning IP addresses, IP settings and other configuration information to clients on the network, while clients request this information from the server when they connect to the network. The DHCP process works by exchanging messages between the client and server over a particular network protocol called the Dynamic Host Configuration Protocol.
How does DHCP work with DNS?
DHCP can be configured to automatically register DHCP client computers in DNS (Domain Name Server). This registration occurs when the DHCP server assigns an IP address to a DHCP client (requesting client computer). DHCP can also update DNS records when a DHCP client computer moves to another location.
Components of DHCP
There are several vital components to DHCP that make it work effectively. The main components of DHCP are:
- DHCP server
- DHCP client
- DHCP relay agent
- IP address pool
- Subnet
- Lease
What is DHCP server?
The DHCP server is responsible for issuing IP addresses and other configuration information to devices on the network.
DHCP client
The DHCP client is responsible for requesting IP addresses and establishing DHCP connection with the DHCP server.
DHCP relay agent
Before going into detail on the relay agent, let’s start with a basic concept.
What is DHCP relay?
DHCP Relay is a network component that forwards DHCP messages (DHCPDISCOVER, DHCPOFFER, DHCPREQUEST and DHCPACK) between DHCP clients and DHCP servers.
What is DHCP relay agent?
DHCP relay agents are typically used in large, complex networks where DHCP broadcasts may not be able to reach all DHCP client devices. A DHCP relay agent intercepts DHCP client messages and forwards them across the network to DHCP servers.
IP addresses /Address Pool
IP address pool is generally a sequence of IP addresses which DHCP servers can hand out to DHCP clients. These clients contact the DHCP server asking for an IP address, and the DHCP server responds by providing an IP address from the DHCP pool.
DHCP scope or DHCP pool
Each DHCP server has its own DHCP pool, also known as DHCP scope, and the DHCP protocol allows DHCP clients to request DHCP addresses from more than one DHCP server at a time.
Subnet
The DHCP subnet mask is used for dynamically assigning IP addresses to network devices. A subnet mask consists of host and network address portions.
- Host address portion: This part of the DHCP subnet identifies the DHCP client’s IP address within a particular network.
- Network address portion: This part of the DHCP subnet identifies the network to which a DHCP client belongs.
What is DHCP Lease?
DHCP lease is the limited time window during which DHCP clients can use an assigned IP address. DHCP leases are renewed periodically, and if a DHCP client does not renew its lease, it may lose network access after its lease expires. DHCP leases can also be manually assigned by a network administrator, which allows for more precise control over IP address assignment. DHCP is commonly used in wired and wireless networks to ensure that all devices on the network receive an IP address automatically.
What is DHCP lease time?
DHCP lease time is the length of time for which a DHCP client can use an assigned IP address. DHCP leases are typically renewed periodically, and if a DHCP client does not renew its lease, it may lose network access. DHCP leases can also be manually assigned by a network administrator, which allows for more precise control over IP address assignment. DHCP is commonly used in wired and wireless networks to ensure that all devices on the network have a valid IP address and can communicate with other network devices. DHCP lease times may vary depending on the type of DHCP server or DHCP client in use and the desired level of control over IP address assignment. The majority of the clients are configured by default to receive DHCP information.
DHCP message types
The DHCP process involves a sequence of messages before an IP is issued to the DHCP client.
DHCP DORA
There are four DHCP message types:
- DHCP Discover,
- DHCP Offer,
- DHCP Request, and
- DHCP ACK.
Hence, the shortcut name DHCP DORA. Here is a brief summary of each of these DHCP message types:
DHCPDiscover: This message is sent by the client when it first connects to the network and is used to find available DHCP servers. DHCP discovery messages typically include the DHCP client’s MAC address and hostname. The following packet samples from Microsoft's DHCP troubleshooting documentation show each of the DHCP message types:
IP: ID = 0x0; Proto = UDP; Len: 328
IP: Version = 4 (0x4)
IP: Header Length = 20 (0x14)
IP: Service Type = 0 (0x0)
IP: Precedence = Routine
IP: ...0.... = Normal Delay
IP: ....0... = Normal Throughput
IP: .....0.. = Normal Reliability
IP: Total Length = 328 (0x148)
IP: Identification = 0 (0x0)
IP: Flags Summary = 0 (0x0)
IP: .......0 = Last fragment in datagram
IP: ......0. = May fragment datagram if necessary
IP: Fragment Offset = 0 (0x0) bytes
IP: Time to Live = 128 (0x80)
IP: Protocol = UDP - User Datagram
IP: Checksum = 0x39A6
IP: Source Address = 0.0.0.0
IP: Destination Address = 255.255.255.255
IP: Data: Number of data bytes remaining = 308 (0x0134)
DHCP: Discover (xid=21274A1D)
DHCP: Op Code (op) = 1 (0x1)
DHCP: Hardware Type (htype) = 1 (0x1) 10Mb Ethernet
DHCP: Hardware Address Length (hlen) = 6 (0x6)
DHCP: Hops (hops) = 0 (0x0)
DHCP: Transaction ID (xid) = 556223005 (0x21274A1D)
DHCP: Seconds (secs) = 0 (0x0)
DHCP: Flags (flags) = 0 (0x0)
DHCP: 0............... = No Broadcast
DHCP: Client IP Address (ciaddr) = 0.0.0.0
DHCP: Your IP Address (yiaddr) = 0.0.0.0
DHCP: Server IP Address (siaddr) = 0.0.0.0
DHCP: Relay IP Address (giaddr) = 0.0.0.0
DHCP: Client Ethernet Address (chaddr) = 08002B2ED85E
DHCP: Server Host Name (sname) =
DHCP: Boot File Name (file) =
DHCP: Magic Cookie = [OK]
DHCP: Option Field (options)
DHCP: DHCP Message Type = DHCP Discover
DHCP: Client-identifier = (Type: 1) 08 00 2b 2e d8 5e
DHCP: Host Name = JUMBO-WS
DHCP: Parameter Request List = (Length: 7) 01 0f 03 2c 2e 2f 06
DHCP: End of this option field
DHCPOffer: This message is sent by the DHCP server in response to a DHCP Discover message, and includes an offer for an IP address.
IP: ID = 0x3C30; Proto = UDP; Len: 328
IP: Version = 4 (0x4)
IP: Header Length = 20 (0x14)
IP: Service Type = 0 (0x0)
IP: Precedence = Routine
IP: ...0.... = Normal Delay
IP: ....0... = Normal Throughput
IP: .....0.. = Normal Reliability
IP: Total Length = 328 (0x148)
IP: Identification = 15408 (0x3C30)
IP: Flags Summary = 0 (0x0)
IP: .......0 = Last fragment in datagram
IP: ......0. = May fragment datagram if necessary
IP: Fragment Offset = 0 (0x0) bytes
IP: Time to Live = 128 (0x80)
IP: Protocol = UDP - User Datagram
IP: Checksum = 0x2FA8
IP: Source Address = 157.54.48.151
IP: Destination Address = 255.255.255.255
IP: Data: Number of data bytes remaining = 308 (0x0134)
DHCP: Offer (xid=21274A1D)
DHCP: Op Code (op) = 2 (0x2)
DHCP: Hardware Type (htype) = 1 (0x1) 10Mb Ethernet
DHCP: Hardware Address Length (hlen) = 6 (0x6)
DHCP: Hops (hops) = 0 (0x0)
DHCP: Transaction ID (xid) = 556223005 (0x21274A1D)
DHCP: Seconds (secs) = 0 (0x0)
DHCP: Flags (flags) = 0 (0x0)
DHCP: 0............... = No Broadcast
DHCP: Client IP Address (ciaddr) = 0.0.0.0
DHCP: Your IP Address (yiaddr) = 157.54.50.5
DHCP: Server IP Address (siaddr) = 0.0.0.0
DHCP: Relay IP Address (giaddr) = 0.0.0.0
DHCP: Client Ethernet Address (chaddr) = 08002B2ED85E
DHCP: Server Host Name (sname) =
DHCP: Boot File Name (file) =
DHCP: Magic Cookie = [OK]
DHCP: Option Field (options)
DHCP: DHCP Message Type = DHCP Offer
DHCP: Subnet Mask = 255.255.240.0
DHCP: Renewal Time Value (T1) = 8 Days, 0:00:00
DHCP: Rebinding Time Value (T2) = 14 Days, 0:00:00
DHCP: IP Address Lease Time = 16 Days, 0:00:00
DHCP: Server Identifier = 157.54.48.151
DHCP: Router = 157.54.48.1
DHCP: NetBIOS Name Service = 157.54.16.154
DHCP: NetBIOS Node Type = (Length: 1) 04
DHCP: End of this option field
DHCPRequest: After receiving a DHCP Offer message from a server, the client device sends a request for that IP address.
IP: ID = 0x100; Proto = UDP; Len: 328
IP: Version = 4 (0x4)
IP: Header Length = 20 (0x14)
IP: Service Type = 0 (0x0)
IP: Precedence = Routine
IP: ...0.... = Normal Delay
IP: ....0... = Normal Throughput
IP: .....0.. = Normal Reliability
IP: Total Length = 328 (0x148)
IP: Identification = 256 (0x100)
IP: Flags Summary = 0 (0x0)
IP: .......0 = Last fragment in datagram
IP: ......0. = May fragment datagram if necessary
IP: Fragment Offset = 0 (0x0) bytes
IP: Time to Live = 128 (0x80)
IP: Protocol = UDP - User Datagram
IP: Checksum = 0x38A6
IP: Source Address = 0.0.0.0
IP: Destination Address = 255.255.255.255
IP: Data: Number of data bytes remaining = 308 (0x0134)
DHCP: Request (xid=21274A1D)
DHCP: Op Code (op) = 1 (0x1)
DHCP: Hardware Type (htype) = 1 (0x1) 10Mb Ethernet
DHCP: Hardware Address Length (hlen) = 6 (0x6)
DHCP: Hops (hops) = 0 (0x0)
DHCP: Transaction ID (xid) = 556223005 (0x21274A1D)
DHCP: Seconds (secs) = 0 (0x0)
DHCP: Flags (flags) = 0 (0x0)
DHCP: 0............... = No Broadcast
DHCP: Client IP Address (ciaddr) = 0.0.0.0
DHCP: Your IP Address (yiaddr) = 0.0.0.0
DHCP: Server IP Address (siaddr) = 0.0.0.0
DHCP: Relay IP Address (giaddr) = 0.0.0.0
DHCP: Client Ethernet Address (chaddr) = 08002B2ED85E
DHCP: Server Host Name (sname) =
DHCP: Boot File Name (file) =
DHCP: Magic Cookie = [OK]
DHCP: Option Field (options)
DHCP: DHCP Message Type = DHCP Request
DHCP: Client-identifier = (Type: 1) 08 00 2b 2e d8 5e
DHCP: Requested Address = 157.54.50.5
DHCP: Server Identifier = 157.54.48.151
DHCP: Host Name = JUMBO-WS
DHCP: Parameter Request List = (Length: 7) 01 0f 03 2c 2e 2f 06
DHCP: End of this option field
DHCPACK: The final step in the process is for the client and server to exchange acknowledgements that indicate that the lease has been issued.
IP: ID = 0x3D30; Proto = UDP; Len: 328
IP: Version = 4 (0x4)
IP: Header Length = 20 (0x14)
IP: Service Type = 0 (0x0)
IP: Precedence = Routine
IP: ...0.... = Normal Delay
IP: ....0... = Normal Throughput
IP: .....0.. = Normal Reliability
IP: Total Length = 328 (0x148)
IP: Identification = 15664 (0x3D30)
IP: Flags Summary = 0 (0x0)
IP: .......0 = Last fragment in datagram
IP: ......0. = May fragment datagram if necessary
IP: Fragment Offset = 0 (0x0) bytes
IP: Time to Live = 128 (0x80)
IP: Protocol = UDP - User Datagram
IP: Checksum = 0x2EA8
IP: Source Address = 157.54.48.151
IP: Destination Address = 255.255.255.255
IP: Data: Number of data bytes remaining = 308 (0x0134)
DHCP: ACK (xid=21274A1D)
DHCP: Op Code (op) = 2 (0x2)
DHCP: Hardware Type (htype) = 1 (0x1) 10Mb Ethernet
DHCP: Hardware Address Length (hlen) = 6 (0x6)
DHCP: Hops (hops) = 0 (0x0)
DHCP: Transaction ID (xid) = 556223005 (0x21274A1D)
DHCP: Seconds (secs) = 0 (0x0)
DHCP: Flags (flags) = 0 (0x0)
DHCP: 0............... = No Broadcast
DHCP: Client IP Address (ciaddr) = 0.0.0.0
DHCP: Your IP Address (yiaddr) = 157.54.50.5
DHCP: Server IP Address (siaddr) = 0.0.0.0
DHCP: Relay IP Address (giaddr) = 0.0.0.0
DHCP: Client Ethernet Address (chaddr) = 08002B2ED85E
DHCP: Server Host Name (sname) =
DHCP: Boot File Name (file) =
DHCP: Magic Cookie = [OK]
DHCP: Option Field (options)
DHCP: DHCP Message Type = DHCP ACK
DHCP: Renewal Time Value (T1) = 8 Days, 0:00:00
DHCP: Rebinding Time Value (T2) = 14 Days, 0:00:00
DHCP: IP Address Lease Time = 16 Days, 0:00:00
DHCP: Server Identifier = 157.54.48.151
DHCP: Subnet Mask = 255.255.240.0
DHCP: Router = 157.54.48.1
DHCP: NetBIOS Name Service = 157.54.16.154
DHCP: NetBIOS Node Type = (Length: 1) 04
DHCP: End of this option field
Overall, these four messages form the core components of the DHCP protocol, helping devices on a network obtain IP addresses quickly and easily. DHCP packets typically include a DHCP message type header that helps guide the DHCP process.
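The fields in the decoded samples above come from a fixed 236-byte header, a 4-byte magic cookie and a list of type-length-value options. The following is an added example, not code from the original article or from Microsoft: a small parser for that layout, run against a constructed DHCPOFFER that reuses the field values of the Offer sample (the function names are chosen for this illustration). It rejects truncated or malformed options instead of reading past them.

```python
import ipaddress
import struct

MAGIC_COOKIE = bytes.fromhex("63825363")
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}


def _ip(b):
    return str(ipaddress.IPv4Address(b))   # ValueError unless len(b) == 4


def _ip_list(b):
    return [_ip(b[i:i + 4]) for i in range(0, len(b), 4)]


def _u32(b):
    return struct.unpack("!I", b)[0]       # struct.error unless len(b) == 4


# Option code -> (field name, decoder); codes not listed are kept as hex.
OPTIONS = {
    1: ("subnet_mask", _ip),
    3: ("router", _ip_list),
    12: ("host_name", lambda b: b.decode("ascii", "replace")),
    50: ("requested_address", _ip),
    51: ("lease_time", _u32),
    53: ("message_type", lambda b: MSG_TYPES.get(b[0], f"unknown({b[0]})")),
    54: ("server_identifier", _ip),
    58: ("renewal_t1", _u32),
    59: ("rebinding_t2", _u32),
}


def parse_dhcp(payload: bytes) -> dict:
    """Decode the UDP payload of a DHCPv4 message into a dict."""
    if len(payload) < 240:
        raise ValueError("shorter than the fixed header plus magic cookie")
    op, htype, hlen, hops, xid, secs, flags = struct.unpack("!BBBBIHH", payload[:12])
    if hlen > 16:
        raise ValueError("hlen exceeds the 16-byte chaddr field")
    if payload[236:240] != MAGIC_COOKIE:
        raise ValueError("magic cookie missing: not a DHCP message")
    msg = {
        "op": op, "htype": htype, "hops": hops, "xid": xid, "secs": secs,
        "broadcast": bool(flags & 0x8000),
        "ciaddr": _ip(payload[12:16]), "yiaddr": _ip(payload[16:20]),
        "siaddr": _ip(payload[20:24]), "giaddr": _ip(payload[24:28]),
        "chaddr": payload[28:28 + hlen].hex(":"),
    }
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 255:            # End option
            break
        if code == 0:              # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError(f"option {code} truncated before its length byte")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} runs past the end of the packet")
        name, decode = OPTIONS.get(code, (f"option_{code}", bytes.hex))
        try:
            msg[name] = decode(value)
        except (ValueError, struct.error, IndexError) as exc:
            raise ValueError(f"option {code} has a malformed value") from exc
        i += 2 + length
    return msg


def build_sample_offer() -> bytes:
    """Constructed DHCPOFFER using the field values of the Offer sample above."""
    ip = lambda s: ipaddress.IPv4Address(s).packed
    u32 = lambda n: struct.pack("!I", n)
    day = 86400
    fixed = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x21274A1D, 0, 0)
    fixed += ip("0.0.0.0") + ip("157.54.50.5") + ip("0.0.0.0") + ip("0.0.0.0")
    fixed += bytes.fromhex("08002B2ED85E").ljust(16, b"\0")   # chaddr, padded
    fixed += bytes(64 + 128)                                  # empty sname, file
    options = [(53, b"\x02"), (1, ip("255.255.240.0")), (58, u32(8 * day)),
               (59, u32(14 * day)), (51, u32(16 * day)),
               (54, ip("157.54.48.151")), (3, ip("157.54.48.1")),
               (44, ip("157.54.16.154")), (46, b"\x04")]
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return fixed + MAGIC_COOKIE + body + b"\xff"


if __name__ == "__main__":
    for key, val in parse_dhcp(build_sample_offer()).items():
        print(f"{key:18} {val}")
```

In the sample values, the renewal time (T1) is half of the lease time and the rebinding time (T2) is seven-eighths of it, which the decoded integers make easy to check.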
Conversation between DHCP clients and DHCP servers
When a DHCP client boots up, it sends a DHCPDISCOVER message to the DHCP server. It is a broadcast message, so it is sent to the address 255.255.255.255.
The DHCP server receives the DHCPDISCOVER message and responds with a DHCPOFFER message. This message contains the IP address that the server is offering to lease to the client and other information such as the subnet mask, gateway address, and DNS server.
The DHCP client receives the DHCPOFFER message and sends a DHCPREQUEST message to the server, requesting that IP address.
The DHCP server receives the DHCPREQUEST message and sends a DHCPACK message to confirm the assigned IP address. The client device then boots up with the new IP address and can now begin communicating on the network.
As you can see, the conversation between a DHCP client and server is an essential part of the dynamic configuration process for devices on a network. Thanks to DHCP, network administrators no longer have to manually configure every device that connects to their networks, making it easier and more efficient.
DHCP options
What is a DHCP option?
DHCP options are configurations as part of DHCP specification that can be applied to the clients in order to customise how they communicate on a network. Some common DHCP options include assigning static IP addresses, selecting the default gateway address, specifying the DNS server, and configuring the DHCP lease time.
How do DHCP options work?
DHCP options are assigned to DHCP clients by a DHCP server. When a DHCP client boots up on a network, it sends a DHCP request packet that includes a list of DHCP options that it supports. The DHCP server then reviews the options supported by the DHCP client and assigns the DHCP options accordingly.
Common DHCP options
Apart from the basic DHCP options 1, 3, 6 and 51, here are some of the interesting DHCP options:
What is DHCP option 15?
DHCP Option 15, or the Domain Name System (DNS) Servers option, lists one or more DNS servers available to all the clients.
What is DHCP option 43?
DHCP Option 43, or the DHCP Vendor Class Identifier option, is a particular DHCP option used to provide additional information about the type of device being configured. This can include vendor name and model number, which are useful for network administrators when troubleshooting DHCP issues. Examples of DHCP Option 43 values include “printer” or “switch.”
What is DHCP option 60?
DHCP Option 60, or the DHCP Client Identifier option, is used to specify the DHCP client’s unique identifier. It is useful for DHCP servers that have multiple clients with the same MAC address.
What is DHCP option 61?
DHCP Option 61, or the DHCP Client FQDN option, specifies the DHCP client’s fully qualified domain name. It is helpful for DHCP servers that need to provide DNS information to DHCP clients. DHCP Option 61 values typically consist of a string of characters followed by a period and the DHCP client’s domain name. For example, “my_device.my_company.com.”
What is DHCP option 66?
DHCP Option 66, or the TFTP Server Name option, specifies the IP address of a TFTP server that DHCP clients can use to download network configuration files. It is useful for updating device configurations when switching between different networks or connecting to remote servers. DHCP Option 66 values typically consist of an IP address and filename, separated by a colon. For example, “10.0.0.1:network_config.txt.”
What is DHCP option 67?
DHCP option 67 is used to specify the path of the Bootstrap Protocol (BootP) server. The BootP server is a server that provides boot images to DHCP clients. DHCP option 67 is typically used in conjunction with DHCP option 66, which specifies the IP address of the BootP server.
What is DHCP option 82?
DHCP Option 82, or the DHCP Vendor Class Identifier option, is a particular DHCP option used to provide additional information about the type of device being configured. This can include things like vendor name and model number, which can be helpful for network administrators when troubleshooting DHCP issues. Some common DHCP Option 82 values include “printer,” “switch,” and “router.” DHCP Option 82 is often used in conjunction with DHCP Option 43.
What is DHCP option 150?
DHCP Option 150, or the DHCP Relay Agent Information option, provides additional information about the DHCP relay agent that initiated the DHCP conversation. It can include things like the IP address of the DHCP server and other DHCP options used in the conversation. DHCP Option 150 is typically used by network administrators when troubleshooting DHCP issues on their networks.
DHCP vs RARP
RARP stands for Reverse Address Resolution Protocol, while DHCP stands for Dynamic Host Configuration Protocol.
DHCP and RARP are networking protocols that automatically allow devices to obtain an IP address. DHCP is more widespread and generally more reliable, while RARP is less common and can be more prone to network or configuration errors.
RARP is a protocol developed before DHCP and worked by mapping a device’s MAC address to its IP address. A RARP server stores a table of all the devices on a network and their associated MAC addresses. When a device requests to obtain an IP address, it sends a broadcast message to the network and queries the RARP server for its IP address.
While DHCP works similarly, it is more robust and scalable than RARP due to its centralised database. Instead of sending a query directly to the server, devices send their requests through an intermediary known as a DHCP relay agent.
The DHCP protocol also offers several other benefits over RARP, such as automatically assigning IP addresses to devices that join a network and support for multiple networks (known as scopes).
In conclusion, DHCP is generally a better choice than RARP as it is more reliable and offers more features.
DHCP port numbers
DHCP uses several ports. These include port 67 for DHCP requests and port 68 for DHCP responses. Other important TCP/UDP ports used by DHCP include 1646, 519, 902, 3268, and 1900. Different networks may use different combinations of these ports depending on their setup and requirements. Using ports other than the default ports is also possible, although doing so can introduce security risks.
Why does DHCP use two ports?
Using a well-known port prevents using the same destination port numbers, preventing other protocols from using the same port that is already in use.
Benefits of DHCP
- Reduced network administration time and costs
- Increased security
- More efficient use of IP addresses
- Automatic allocation of IP addresses
- Easy to use and manage
- A central database of connected devices and systems
DHCP Conflict Detection and Resolution
One of the essential functions of a DHCP server is to ensure no conflict between two or more DHCP servers on the network. If two DHCP servers attempted to assign an IP address to the same client, this would cause an IP address conflict. In theory, two systems or devices would then have the same IP address, but they cannot function that way. The DHCP server must determine whether or not an address is already in use and, if so, must take appropriate action.
There are several methods that a DHCP server can use to detect and address conflicts.
Address Leasing
The most common method is called address leasing. Under this method, the DHCP server assigns an IP address to a client for a specific time, usually a few hours. If the client’s computer does not renew the lease before it expires, the DHCP server assumes that the client is no longer using that address and can reassign it to another client.
Gratuitous ARP
Another method of conflict detection is called gratuitous ARP. With this method, when a DHCP server assigns an IP address to a client, it also sends a particular type of ARP message. This message is broadcast to all hosts on the network and contains the new client’s IP address and MAC address. All hosts on the network then update their ARP tables accordingly. If another host on the network already has an entry for that IP address, it will know that there is a conflict.
Ping Sweep
The final method of conflict detection is called Ping Sweep. With this method, the DHCP server simply tries to ping every IP address on the network. If it receives a response from one of the addresses, it knows that there is another host on the network using that IP address.
Manual Conflict Detection and Resolution (MDCR)
Fortunately, DHCP servers also have several methods to resolve conflicts as well. The first method is called Manual Conflict Detection and Resolution (MDCR). With this method, if a DHCP server detects a conflict, it will alert an administrator so that he or she can manually assign an IP address to the client in question.
Address Release and Reconciliation (ARR)
Another conflict resolution method is called Address Release and Reconciliation (ARR). This method allows DHCP servers to automatically release conflicting IP addresses once new ones are assigned to clients.
Dynamic ARP Inspection (DAI)
The final conflict resolution method is called Dynamic ARP Inspection (DAI). Dynamic ARP Inspection allows DHCP servers to prevent ARP spoofing by automatically blocking the MAC address of any client attempting to gain access to the network using an IP currently in use.
Overall, DHCP provides a quick and efficient way for networks to manage IP addresses and avoid conflicts between clients. By implementing these conflict detection and resolution methods, DHCP ensures that all hosts on your network can communicate without problems.
DHCP Installation and Deployment
The following are the important steps during the installation and deployment of DHCP:
1) Configure DHCP scopes
2) Activate the DHCP server
3) Configure DHCP options
4) Configure DHCP clients
5) Authorise the DHCP server in Active Directory
6) Backup the DHCP database
While implementing DHCP servers, it is vital to make sure that DHCP options, scopes, and clients are correctly configured. This will ensure that DHCP services function smoothly on your network within provided network configuration parameters and that IP addresses are assigned and managed efficiently.
DHCP Logging Configuration Step by Step
DHCP servers can be configured to generate log files that contain information about the DHCP server’s activity. These log files can be helpful in troubleshooting DHCP problems or in tracking down unauthorised DHCP servers on your network.
DHCP logging on Linux systems is usually enabled by default, and the DHCP log files are typically located in the /var/log/ directory.
On Windows systems, DHCP logging is not enabled by default. To enable DHCP logging on a Windows DHCP server, you must first open the DHCP console and then select the “Enable DHCP Audit Logging” checkbox.
The location of the DHCP log file varies depending on the operating system being used. On Windows Server 2003, the log file is located at %windir%\System32\Dhcp\DhcpSrvLog-*.log. On Windows Server 2008, the log file is located at %windir%\System32\Dhcp\Dhcp.log.
The format of the DHCP log file is also different depending on the operating system being used. On Windows Server 2003, the log file is in ASCII format. On Windows Server 2008, the log file is in XML format.
To enable DHCP logging on a Windows Server 2003 DHCP server, open the DHCP console and expand the server’s node in the treeview. Right-click on the “IPv4” node and select “Properties” from the context menu. Select the “General” tab and check the “Enable DHCP audit logging” checkbox. Click “OK” to save your changes.
To enable DHCP logging on a Windows Server 2008 DHCP server, open the DHCP console and expand the server’s node in the treeview. Right-click on the “DHCP” node and select “Properties” from the context menu. Select the “General” tab and check the “Enable DHCP audit logging” checkbox. Click “OK” to save your changes.
Configuring DHCP Logging
The following are the important steps for configuring DHCP logging:
1) On the DHCP server, open the DHCP console.
2) In the console tree, click IPv4 or IPv6, depending on which protocol you want to configure.
3) On the Action menu, click Properties.
4) Click the General tab.
5) Select the Enable DHCP audit logging check box.
6) If you want to log all events, select the Log all events (verbose) check box. By default, only critical events and errors are logged. If you select this check box, the log file will be larger and will take longer to open.
7) If you want to log only DHCP messages, select the Log only DHCP messages check box. By default, all events related to both DHCP and BOOTP are logged. If you select this check box, the log file will be smaller.
8) Click OK.
Viewing DHCP Log Files
The following are the important steps for viewing DHCP log files:
1) On the DHCP server, open Event Viewer.
2) In the console tree, expand Applications and Services Logs, expand Microsoft, expand Windows, and then click Dhcp-Server.
3) In the details pane, double-click a message to view its detailed description.
4) To filter the log so that it displays only entries that pertain to a specific scope or address range, in the console tree, click Scope or Address Pool.
5) In the details pane, double-click a message to view its detailed description.
6) To filter the log so that it displays only entries that pertain to a specific client, right-click Dhcp-Server in the console tree, and then click View Log by Client ID on the shortcut menu. In the Client ID box, type the client identifier of the client for which you want to view log entries, and then click Find Now.
7) In the search results list, double-click a message to view its detailed description.
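Once audit logging is enabled, the text log can be triaged automatically rather than read entry by entry. The following is an added example, not part of the original article: it assumes the comma-separated audit log layout (ID, Date, Time, Description, IP Address, Host Name, MAC Address) with event IDs 10 (new lease), 13 (address found in use) and 14 (scope pool exhausted), and it runs on constructed sample lines. The thresholds and function name are chosen for this illustration.

```python
import csv
from collections import deque
from datetime import datetime, timedelta

NEW_LEASE, CONFLICT, POOL_EXHAUSTED = 10, 13, 14

# Constructed sample; only the ID column drives the logic, the description
# text is illustrative.
SAMPLE_LOG = """\
Microsoft DHCP Service Activity Log
ID,Date,Time,Description,IP Address,Host Name,MAC Address
11,03/14/23,08:59:40,Renew,157.54.50.5,JUMBO-WS,08002B2ED85E
10,03/14/23,09:00:01,Assign,157.54.50.10,,020000000001
10,03/14/23,09:00:02,Assign,157.54.50.11,,020000000002
10,03/14/23,09:00:03,Assign,157.54.50.12,,020000000003
10,03/14/23,09:00:04,Assign,157.54.50.13,,020000000004
10,03/14/23,09:00:05,Assign,157.54.50.14,,020000000005
10,03/14/23,09:00:06,Assign,157.54.50.15,,020000000006
14,03/14/23,09:00:07,Scope Full,157.54.48.0,,
13,03/14/23,09:05:00,Conflict,157.54.50.5,,
"""


def triage(log_text, window_s=60, threshold=5):
    """Return findings as (kind, timestamp, detail) tuples, in log order."""
    window = timedelta(seconds=window_s)
    findings, recent, quiet_until = [], deque(), None
    for row in csv.reader(log_text.splitlines()):
        if len(row) < 7 or not row[0].strip().isdigit():
            continue                      # preamble, column header or damaged line
        event, ip, mac = int(row[0]), row[4].strip(), row[6].strip().upper()
        try:
            ts = datetime.strptime(f"{row[1]} {row[2]}", "%m/%d/%y %H:%M:%S")
        except ValueError:
            continue                      # unparseable timestamp
        if event == CONFLICT:
            findings.append(("address-conflict", ts, ip))
        elif event == POOL_EXHAUSTED:
            findings.append(("pool-exhausted", ts, ip))
        elif event == NEW_LEASE:
            # Sliding window of new leases: many distinct MACs in a short
            # time is the pattern a starvation attempt leaves in the log.
            recent.append((ts, mac))
            while ts - recent[0][0] > window:
                recent.popleft()
            macs = {m for _, m in recent}
            if len(macs) >= threshold and (quiet_until is None or ts > quiet_until):
                findings.append(("lease-burst", ts, f"{len(macs)} MACs in {window_s}s"))
                quiet_until = ts + window   # one alert per window
    return findings


if __name__ == "__main__":
    for kind, ts, detail in triage(SAMPLE_LOG):
        print(ts.isoformat(), kind, detail)
```

The burst threshold needs tuning per site: a classroom or office powering on at the start of the day also produces many new leases in a short time.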
DHCP snooping
DHCP snooping is a DHCP security feature that provides protection against DHCP starvation attacks and DHCP spoofing attacks. DHCP snooping works by building a DHCP snooping binding table that contains information about DHCP messages that are received from untrusted sources. DHCP snooping uses this binding table to validate DHCP messages that are received from untrusted sources. If a DHCP message is not valid, it is discarded and the client does not receive an IP address.
To enable DHCP snooping on a switch, you must first configure the switch as a DHCP server and then enable DHCP snooping on one or more interfaces.
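The validation described above can be modelled in a few lines. The following is an added example, not code from the original article or from any switch vendor: a simplified model of snooping decisions in which ports are marked trusted or untrusted, server messages are only accepted on trusted ports, and the binding table is learned from DHCPACKs. The class names, port names and constructed traffic are assumptions for this illustration; the client MAC and addresses reuse the packet samples on this page.

```python
from dataclasses import dataclass, field

SERVER_KINDS = {"OFFER", "ACK", "NAK"}


@dataclass
class Msg:
    port: str          # switch port the frame arrived on
    src_mac: str       # Ethernet source address of the frame
    kind: str          # DHCP message type
    chaddr: str        # client hardware address inside the DHCP payload
    yiaddr: str = ""   # address being assigned (server messages only)
    lease: int = 0     # lease time in seconds (ACK only)


@dataclass
class Snooper:
    trusted_ports: set
    bindings: dict = field(default_factory=dict)   # chaddr -> {ip, port, lease}
    pending: dict = field(default_factory=dict)    # chaddr -> port of last REQUEST

    def inspect(self, m: Msg) -> str:
        if m.port in self.trusted_ports:
            # Replies on the path to the legitimate server: learn from ACKs.
            if m.kind == "ACK" and m.chaddr in self.pending:
                self.bindings[m.chaddr] = {"ip": m.yiaddr, "lease": m.lease,
                                           "port": self.pending.pop(m.chaddr)}
            return "forward"
        if m.kind in SERVER_KINDS:
            return "drop: server message on untrusted port"
        if m.src_mac != m.chaddr:
            return "drop: chaddr differs from frame source MAC"
        if m.kind in ("RELEASE", "DECLINE"):
            entry = self.bindings.get(m.chaddr)
            if entry is None or entry["port"] != m.port:
                return "drop: no binding for this client on this port"
            del self.bindings[m.chaddr]
        elif m.kind == "REQUEST":
            self.pending[m.chaddr] = m.port
        return "forward"


CLIENT = "08:00:2b:2e:d8:5e"      # client MAC from the packet samples above
SERVER = "02:00:00:00:00:01"      # constructed MAC for the authorised server
SAMPLE = [                        # constructed traffic, hypothetical port names
    Msg("Gi0/5", CLIENT, "DISCOVER", CLIENT),
    Msg("Gi0/7", "02:00:00:00:00:66", "OFFER", CLIENT, "192.0.2.50"),
    Msg("Gi0/1", SERVER, "OFFER", CLIENT, "157.54.50.5"),
    Msg("Gi0/5", CLIENT, "REQUEST", CLIENT),
    Msg("Gi0/1", SERVER, "ACK", CLIENT, "157.54.50.5", 16 * 86400),
    Msg("Gi0/9", "02:00:00:00:00:99", "DISCOVER", "02:de:ad:00:00:01"),
    Msg("Gi0/9", CLIENT, "RELEASE", CLIENT),   # port does not own the binding
]


def run_sample():
    """Run the constructed traffic through a switch whose uplink Gi0/1 is trusted."""
    switch = Snooper(trusted_ports={"Gi0/1"})
    verdicts = [switch.inspect(m) for m in SAMPLE]
    return verdicts, switch.bindings


if __name__ == "__main__":
    verdicts, bindings = run_sample()
    for msg, verdict in zip(SAMPLE, verdicts):
        print(f"{msg.port:6} {msg.kind:9} {verdict}")
    print(bindings)
```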
Useful DHCP tools
- DHCP probe: http://www.net.princeton.edu/software/dhcp_probe/
- ISC forge: https://github.com/isc-projects/forge
- DHCP lease analysis: http://dhcpd-pools.sourceforge.net/
- DHCP SNMP to monitor the address usage of IP address pools: https://github.com/ohitz/dhcpd-snmp
Conclusion
DHCP is an essential protocol for assigning IP addresses to devices on a network. DHCP also provides several key features, including address allocation, lease management, and router discovery. In addition, DHCP snooping can provide security against DHCP starvation attacks and DHCP spoofing attacks.
Should you be interested in reviewing DHCP, DNS or any Active Directory components from the security perspective, we offer Active Directory Security Assessments, Network penetration testing and various other forms based on the threat scenarios. Get in touch to schedule a casual conversation.
*** This is a Security Bloggers Network syndicated blog from Cyphere | Securing Your Cyber Sphere authored by Harman Singh. Read the original post at: https://thecyphere.com/blog/what-is-dhcp/