Chapter 3. Providing DHCP services
The dynamic host configuration protocol (DHCP) is a network protocol that automatically assigns IP information to clients. You can set up the `dhcpd` service to provide a DHCP server and DHCP relay in your network.
3.1. The difference between static and dynamic IP addressing
- Static IP addressing

  When you assign a static IP address to a device, the address does not change over time unless you change it manually. Use static IP addressing if you want:

  - To ensure network address consistency for servers such as DNS and authentication servers.
  - To use out-of-band management devices that work independently of other network infrastructure.

- Dynamic IP addressing

  When you configure a device to use a dynamic IP address, the address can change over time. For this reason, dynamic addresses are typically used for devices that connect to the network occasionally because the IP address can be different after rebooting the host.

  Dynamic IP addresses are more flexible and easier to set up and administer. The Dynamic Host Configuration Protocol (DHCP) is a traditional method of dynamically assigning network configurations to hosts.

There is no strict rule defining when to use static or dynamic IP addresses. It depends on the user's needs, preferences, and the network environment.
3.2. DHCP transaction phases
DHCP works in four phases: Discovery, Offer, Request, and Acknowledgment, also called the DORA process. DHCP uses this process to provide IP addresses to clients.

- Discovery: The DHCP client sends a message to discover the DHCP server in the network. This message is broadcast at the network and data link layer.
- Offer: The DHCP server receives messages from the client and offers an IP address to the DHCP client. This message is unicast at the data link layer but broadcast at the network layer.
- Request: The DHCP client requests the offered IP address from the DHCP server. This message is unicast at the data link layer but broadcast at the network layer.
- Acknowledgment: The DHCP server sends an acknowledgment to the DHCP client. This message is unicast at the data link layer but broadcast at the network layer. It is the final message of the DHCP DORA process.
3.3. The differences when using dhcpd for DHCPv4 and DHCPv6
The `dhcpd` service supports providing both DHCPv4 and DHCPv6 on one server. However, you need a separate instance of `dhcpd` with separate configuration files to provide DHCP for each protocol.

- DHCPv4
  - Configuration file: `/etc/dhcp/dhcpd.conf`
  - Systemd service name: `dhcpd`
- DHCPv6
  - Configuration file: `/etc/dhcp/dhcpd6.conf`
  - Systemd service name: `dhcpd6`
3.4. The lease database of the dhcpd service
A DHCP lease is the period for which the `dhcpd` service allocates a network address to a client. The `dhcpd` service stores the DHCP leases in the following databases:

- For DHCPv4: `/var/lib/dhcpd/dhcpd.leases`
- For DHCPv6: `/var/lib/dhcpd/dhcpd6.leases`

Manually updating the database files can corrupt the databases.

The lease databases contain information about the allocated leases, such as the IP address assigned to a media access control (MAC) address or the time stamp when the lease expires. Note that all time stamps in the lease databases are in Coordinated Universal Time (UTC).

The `dhcpd` service recreates the databases periodically:

1. The service renames the existing files:
   - `/var/lib/dhcpd/dhcpd.leases` to `/var/lib/dhcpd/dhcpd.leases~`
   - `/var/lib/dhcpd/dhcpd6.leases` to `/var/lib/dhcpd/dhcpd6.leases~`
2. The service writes all known leases to the newly created `/var/lib/dhcpd/dhcpd.leases` and `/var/lib/dhcpd/dhcpd6.leases` files.

Additional resources

- `dhcpd.leases(5)` man page
- Restoring a corrupt lease database
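
Because the lease database maps IP addresses to MAC addresses with UTC time stamps, it can be read (never edited) to answer which host held an address at a given time. The following is an added example, not part of the original documentation: the lease records are constructed in the `dhcpd.leases(5)` syntax, and the function names are this example's own.

```python
import re
from datetime import datetime, timezone

# Constructed sample in dhcpd.leases(5) syntax; addresses and MACs are made up.
SAMPLE_LEASES = """\
lease 192.0.2.25 {
  starts 1 2024/03/04 08:00:00;
  ends 2 2024/03/05 08:00:00;
  binding state free;
  hardware ethernet 52:54:00:aa:bb:01;
}
lease 192.0.2.25 {
  starts 3 2024/03/06 09:30:00;
  ends 4 2024/03/07 09:30:00;
  binding state active;
  next binding state free;
  hardware ethernet 52:54:00:aa:bb:02;
  client-hostname "laptop-7";
}
lease 192.0.2.40 {
  starts 3 2024/03/06 10:00:00;
  ends never;
  binding state active;
  hardware ethernet 52:54:00:aa:bb:03;
}
"""

LEASE_RE = re.compile(r"^lease\s+(\S+)\s*\{(.*?)^\}", re.S | re.M)
STMT_RE = re.compile(
    r"^\s*(starts|ends|binding state|hardware ethernet)\s+(.*?);\s*$", re.M)


def parse_time(value):
    """Convert '<weekday> YYYY/MM/DD HH:MM:SS' (UTC) to an aware datetime."""
    if value == "never":
        return None  # lease without an expiry time
    _weekday, date, clock = value.split()
    stamp = datetime.strptime(f"{date} {clock}", "%Y/%m/%d %H:%M:%S")
    return stamp.replace(tzinfo=timezone.utc)


def parse_leases(text):
    """Return one dict per lease record, in file order."""
    records = []
    for ip, body in LEASE_RE.findall(text):
        fields = dict(STMT_RE.findall(body))
        records.append({
            "ip": ip,
            "mac": fields.get("hardware ethernet"),
            "state": fields.get("binding state"),
            "starts": parse_time(fields["starts"]),
            "ends": parse_time(fields.get("ends", "never")),
        })
    return records


def holder_at(records, ip, when):
    """MAC recorded for `ip` at time `when`; later records override earlier."""
    mac = None
    for rec in records:
        covers = rec["starts"] <= when and (rec["ends"] is None or when < rec["ends"])
        if rec["ip"] == ip and covers:
            mac = rec["mac"]
    return mac


def active_leases(records, now):
    """Map IP -> MAC using only the last record per IP, which is the current one."""
    latest = {rec["ip"]: rec for rec in records}
    return {ip: rec["mac"] for ip, rec in latest.items()
            if rec["state"] == "active" and (rec["ends"] is None or rec["ends"] > now)}


if __name__ == "__main__":
    leases = parse_leases(SAMPLE_LEASES)
    print(active_leases(leases, datetime(2024, 3, 6, 12, 0, tzinfo=timezone.utc)))
```

Compare against log time stamps only after converting them to UTC, because the lease database does not use local time.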
3.5. Comparison of DHCPv6 to radvd
In an IPv6 network, only router advertisement messages provide information about an IPv6 default gateway. As a consequence, if you want to use DHCPv6 in subnets that require a default gateway setting, you must additionally configure a router advertisement service, such as Router Advertisement Daemon (`radvd`).

The `radvd` service uses flags in router advertisement packets to announce the availability of a DHCPv6 server.

The following table compares features of DHCPv6 and `radvd`:

| | DHCPv6 | radvd |
|---|---|---|
| Provides information about the default gateway | no | yes |
| Guarantees random addresses to protect privacy | yes | no |
| Sends further network configuration options | yes | no |
| Maps media access control (MAC) addresses to IPv6 addresses | yes | no |
3.6. Configuring the radvd service for IPv6 routers
The router advertisement daemon (`radvd`) sends router advertisement messages that are required for IPv6 stateless autoconfiguration. This enables users to automatically configure their addresses, settings, and routes, and to choose a default router based on these advertisements.

You can only set `/64` prefixes in the `radvd` service. To use other prefixes, use DHCPv6.

Prerequisites

- You are logged in as the `root` user.

Procedure

1. Install the `radvd` package:

   ```
   # yum install radvd
   ```

2. Edit the `/etc/radvd.conf` file, and add the following configuration:

   ```
   interface enp1s0
   {
     AdvSendAdvert on;
     AdvManagedFlag on;
     AdvOtherConfigFlag on;

     prefix 2001:db8:0:1::/64 {
     };
   };
   ```

   These settings configure `radvd` to send router advertisement messages on the `enp1s0` device for the `2001:db8:0:1::/64` subnet. The `AdvManagedFlag on` setting defines that the client should receive the IP address from a DHCP server, and the `AdvOtherConfigFlag` parameter set to `on` defines that clients should receive non-address information from the DHCP server as well.

3. Optionally, configure that `radvd` automatically starts when the system boots:

   ```
   # systemctl enable radvd
   ```

4. Start the `radvd` service:

   ```
   # systemctl start radvd
   ```

5. Optionally, display the content of router advertisement packets and the configured values `radvd` sends:

   ```
   # radvdump
   ```

Additional resources

- `radvd.conf(5)` man page
- `/usr/share/doc/radvd/radvd.conf.example` file
- Can I use a prefix length other than 64 bits in IPv6 Router Advertisements?
3.7. Setting network interfaces for the DHCP servers
By default, the `dhcpd` service processes requests only on network interfaces that have an IP address in the subnet defined in the configuration file of the service.

For example, in the following scenario, `dhcpd` listens only on the `enp0s1` network interface:

- You have only a `subnet` definition for the 192.0.2.0/24 network in the `/etc/dhcp/dhcpd.conf` file.
- The `enp0s1` network interface is connected to the 192.0.2.0/24 subnet.
- The `enp7s0` interface is connected to a different subnet.

Only follow this procedure if the DHCP server contains multiple network interfaces connected to the same network but the service should listen only on specific interfaces.

Depending on whether you want to provide DHCP for IPv4, IPv6, or both protocols, see the procedure for:

Prerequisites

- You are logged in as the `root` user.
- The `dhcp-server` package is installed.

Procedure

For IPv4 networks:

1. Copy the `/usr/lib/systemd/system/dhcpd.service` file to the `/etc/systemd/system/` directory:

   ```
   # cp /usr/lib/systemd/system/dhcpd.service /etc/systemd/system/
   ```

   Do not edit the `/usr/lib/systemd/system/dhcpd.service` file. Future updates of the `dhcp-server` package can override the changes.

2. Edit the `/etc/systemd/system/dhcpd.service` file, and append the names of the interfaces that `dhcpd` should listen on to the command in the `ExecStart` parameter:

   ```
   ExecStart=/usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid $DHCPDARGS enp0s1 enp7s0
   ```

   This example configures `dhcpd` to listen only on the `enp0s1` and `enp7s0` interfaces.

3. Reload the `systemd` manager configuration:

   ```
   # systemctl daemon-reload
   ```

4. Restart the `dhcpd` service:

   ```
   # systemctl restart dhcpd.service
   ```

For IPv6 networks:

1. Copy the `/usr/lib/systemd/system/dhcpd6.service` file to the `/etc/systemd/system/` directory:

   ```
   # cp /usr/lib/systemd/system/dhcpd6.service /etc/systemd/system/
   ```

   Do not edit the `/usr/lib/systemd/system/dhcpd6.service` file. Future updates of the `dhcp-server` package can override the changes.

2. Edit the `/etc/systemd/system/dhcpd6.service` file, and append the names of the interfaces that `dhcpd` should listen on to the command in the `ExecStart` parameter:

   ```
   ExecStart=/usr/sbin/dhcpd -f -6 -cf /etc/dhcp/dhcpd6.conf -user dhcpd -group dhcpd --no-pid $DHCPDARGS enp0s1 enp7s0
   ```

   This example configures `dhcpd` to listen only on the `enp0s1` and `enp7s0` interfaces.

3. Reload the `systemd` manager configuration:

   ```
   # systemctl daemon-reload
   ```

4. Restart the `dhcpd6` service:

   ```
   # systemctl restart dhcpd6.service
   ```
3.8. Setting up the DHCP service for subnets directly connected to the DHCP server
Use the following procedure if the DHCP server is directly connected to the subnet for which the server should answer DHCP requests. This is the case if a network interface of the server has an IP address of this subnet assigned.

Depending on whether you want to provide DHCP for IPv4, IPv6, or both protocols, see the procedure for:

Prerequisites

- You are logged in as the `root` user.
- The `dhcp-server` package is installed.

Procedure

For IPv4 networks:

1. Edit the `/etc/dhcp/dhcpd.conf` file:

   1. Optionally, add global parameters that `dhcpd` uses as default if no other directives contain these settings:

      ```
      option domain-name "example.com";
      default-lease-time 86400;
      ```

      This example sets the default domain name for the connection to `example.com`, and the default lease time to `86400` seconds (1 day).

   2. Add the `authoritative` statement on a new line:

      ```
      authoritative;
      ```

      Important: Without the `authoritative` statement, the `dhcpd` service does not answer `DHCPREQUEST` messages with `DHCPNAK` if a client asks for an address that is outside of the pool.

   3. For each IPv4 subnet directly connected to an interface of the server, add a `subnet` declaration:

      ```
      subnet 192.0.2.0 netmask 255.255.255.0 {
        range 192.0.2.20 192.0.2.100;
        option domain-name-servers 192.0.2.1;
        option routers 192.0.2.1;
        option broadcast-address 192.0.2.255;
        max-lease-time 172800;
      }
      ```

      This example adds a subnet declaration for the 192.0.2.0/24 network. With this configuration, the DHCP server assigns the following settings to a client that sends a DHCP request from this subnet:

      - A free IPv4 address from the range defined in the `range` parameter
      - IP of the DNS server for this subnet: `192.0.2.1`
      - Default gateway for this subnet: `192.0.2.1`
      - Broadcast address for this subnet: `192.0.2.255`
      - The maximum lease time, after which clients in this subnet release the IP and send a new request to the server: `172800` seconds (2 days)

2. Optionally, configure that `dhcpd` starts automatically when the system boots:

   ```
   # systemctl enable dhcpd
   ```

3. Start the `dhcpd` service:

   ```
   # systemctl start dhcpd
   ```

For IPv6 networks:

1. Edit the `/etc/dhcp/dhcpd6.conf` file:

   1. Optionally, add global parameters that `dhcpd` uses as default if no other directives contain these settings:

      ```
      option dhcp6.domain-search "example.com";
      default-lease-time 86400;
      ```

      This example sets the default domain name for the connection to `example.com`, and the default lease time to `86400` seconds (1 day).

   2. Add the `authoritative` statement on a new line:

      ```
      authoritative;
      ```

      Important: Without the `authoritative` statement, the `dhcpd` service does not answer `DHCPREQUEST` messages with `DHCPNAK` if a client asks for an address that is outside of the pool.

   3. For each IPv6 subnet directly connected to an interface of the server, add a `subnet6` declaration:

      ```
      subnet6 2001:db8:0:1::/64 {
        range6 2001:db8:0:1::20 2001:db8:0:1::100;
        option dhcp6.name-servers 2001:db8:0:1::1;
        max-lease-time 172800;
      }
      ```

      This example adds a subnet declaration for the 2001:db8:0:1::/64 network. With this configuration, the DHCP server assigns the following settings to a client that sends a DHCP request from this subnet:

      - A free IPv6 address from the range defined in the `range6` parameter.
      - The IP of the DNS server for this subnet is `2001:db8:0:1::1`.
      - The maximum lease time, after which clients in this subnet release the IP and send a new request to the server, is `172800` seconds (2 days).

      Note that IPv6 uses router advertisement messages to identify the default gateway.

2. Optionally, configure that `dhcpd6` starts automatically when the system boots:

   ```
   # systemctl enable dhcpd6
   ```

3. Start the `dhcpd6` service:

   ```
   # systemctl start dhcpd6
   ```

Additional resources

- `dhcp-options(5)` man page
- `dhcpd.conf(5)` man page
- `/usr/share/doc/dhcp-server/dhcpd.conf.example` file
- `/usr/share/doc/dhcp-server/dhcpd6.conf.example` file
3.9. Setting up the DHCP service for subnets that are not directly connected to the DHCP server
Use the following procedure if the DHCP server is not directly connected to the subnet for which the server should answer DHCP requests. This is the case if a DHCP relay agent forwards requests to the DHCP server, because none of the DHCP server's interfaces is directly connected to the subnet the server should serve.

Depending on whether you want to provide DHCP for IPv4, IPv6, or both protocols, see the procedure for:

Prerequisites

- You are logged in as the `root` user.
- The `dhcp-server` package is installed.

Procedure

For IPv4 networks:

1. Edit the `/etc/dhcp/dhcpd.conf` file:

   1. Optionally, add global parameters that `dhcpd` uses as default if no other directives contain these settings:

      ```
      option domain-name "example.com";
      default-lease-time 86400;
      ```

      This example sets the default domain name for the connection to `example.com`, and the default lease time to `86400` seconds (1 day).

   2. Add the `authoritative` statement on a new line:

      ```
      authoritative;
      ```

      Important: Without the `authoritative` statement, the `dhcpd` service does not answer `DHCPREQUEST` messages with `DHCPNAK` if a client asks for an address that is outside of the pool.

   3. Add a `shared-network` declaration, such as the following, for IPv4 subnets that are not directly connected to an interface of the server:

      ```
      shared-network example {
        option domain-name-servers 192.0.2.1;
        ...

        subnet 192.0.2.0 netmask 255.255.255.0 {
          range 192.0.2.20 192.0.2.100;
          option routers 192.0.2.1;
        }

        subnet 198.51.100.0 netmask 255.255.255.0 {
          range 198.51.100.20 198.51.100.100;
          option routers 198.51.100.1;
        }
        ...
      }
      ```

      This example adds a shared network declaration that contains a `subnet` declaration for both the 192.0.2.0/24 and 198.51.100.0/24 networks. With this configuration, the DHCP server assigns the following settings to a client that sends a DHCP request from one of these subnets:

      - The IP of the DNS server for clients from both subnets is `192.0.2.1`.
      - A free IPv4 address from the range defined in the `range` parameter, depending on from which subnet the client sent the request.
      - The default gateway is either `192.0.2.1` or `198.51.100.1`, depending on from which subnet the client sent the request.

   4. Add a `subnet` declaration for the subnet the server is directly connected to and that is used to reach the remote subnets specified in `shared-network` above:

      ```
      subnet 203.0.113.0 netmask 255.255.255.0 {
      }
      ```

      Note: If the server does not provide DHCP service to this subnet, the `subnet` declaration must be empty as shown in the example. Without a declaration for the directly connected subnet, `dhcpd` does not start.

2. Optionally, configure that `dhcpd` starts automatically when the system boots:

   ```
   # systemctl enable dhcpd
   ```

3. Start the `dhcpd` service:

   ```
   # systemctl start dhcpd
   ```

For IPv6 networks:

1. Edit the `/etc/dhcp/dhcpd6.conf` file:

   1. Optionally, add global parameters that `dhcpd` uses as default if no other directives contain these settings:

      ```
      option dhcp6.domain-search "example.com";
      default-lease-time 86400;
      ```

      This example sets the default domain name for the connection to `example.com`, and the default lease time to `86400` seconds (1 day).

   2. Add the `authoritative` statement on a new line:

      ```
      authoritative;
      ```

      Important: Without the `authoritative` statement, the `dhcpd` service does not answer `DHCPREQUEST` messages with `DHCPNAK` if a client asks for an address that is outside of the pool.

   3. Add a `shared-network` declaration, such as the following, for IPv6 subnets that are not directly connected to an interface of the server:

      ```
      shared-network example {
        # dhcp6.name-servers is the DHCPv6 option for DNS servers
        option dhcp6.name-servers 2001:db8:0:1::1:1;
        ...

        subnet6 2001:db8:0:1::1:0/120 {
          range6 2001:db8:0:1::1:20 2001:db8:0:1::1:100;
        }

        subnet6 2001:db8:0:1::2:0/120 {
          range6 2001:db8:0:1::2:20 2001:db8:0:1::2:100;
        }
        ...
      }
      ```

      This example adds a shared network declaration that contains a `subnet6` declaration for both the 2001:db8:0:1::1:0/120 and 2001:db8:0:1::2:0/120 networks. With this configuration, the DHCP server assigns the following settings to a client that sends a DHCP request from one of these subnets:

      - The IP of the DNS server for clients from both subnets is `2001:db8:0:1::1:1`.
      - A free IPv6 address from the range defined in the `range6` parameter, depending on from which subnet the client sent the request.

      Note that IPv6 uses router advertisement messages to identify the default gateway.

   4. Add a `subnet6` declaration for the subnet the server is directly connected to and that is used to reach the remote subnets specified in `shared-network` above:

      ```
      subnet6 2001:db8:0:1::50:0/120 {
      }
      ```

      Note: If the server does not provide DHCP service to this subnet, the `subnet6` declaration must be empty as shown in the example. Without a declaration for the directly connected subnet, `dhcpd` does not start.

2. Optionally, configure that `dhcpd6` starts automatically when the system boots:

   ```
   # systemctl enable dhcpd6
   ```

3. Start the `dhcpd6` service:

   ```
   # systemctl start dhcpd6
   ```

Additional resources

- `dhcp-options(5)` man page
- `dhcpd.conf(5)` man page
- `/usr/share/doc/dhcp-server/dhcpd.conf.example` file
- `/usr/share/doc/dhcp-server/dhcpd6.conf.example` file
- Setting up a DHCP relay agent
3.10. Assigning a static address to a host using DHCP
Using a `host` declaration, you can configure the DHCP server to assign a fixed IP address to a media access control (MAC) address of a host. For example, use this method to always assign the same IP address to a server or network device.

Depending on whether you want to configure fixed addresses for IPv4, IPv6, or both protocols, see the procedure for:

Prerequisites

- The `dhcpd` service is configured and running.
- You are logged in as the `root` user.

Procedure

For IPv4 networks:

1. Edit the `/etc/dhcp/dhcpd.conf` file:

   1. Add a `host` declaration:

      ```
      host server.example.com {
        hardware ethernet 52:54:00:72:2f:6e;
        fixed-address 192.0.2.130;
      }
      ```

      This example configures the DHCP server to always assign the `192.0.2.130` IP address to the host with the `52:54:00:72:2f:6e` MAC address.

      The `dhcpd` service identifies systems by the MAC address specified in the `hardware ethernet` parameter, and not by the name in the `host` declaration. As a consequence, you can set this name to any string that does not match other `host` declarations. To configure the same system for multiple networks, use a different name for each declaration. Otherwise, `dhcpd` fails to start.

   2. Optionally, add further settings to the `host` declaration that are specific for this host.

2. Restart the `dhcpd` service:

   ```
   # systemctl restart dhcpd
   ```

For IPv6 networks:

1. Edit the `/etc/dhcp/dhcpd6.conf` file:

   1. Add a `host` declaration:

      ```
      host server.example.com {
        hardware ethernet 52:54:00:72:2f:6e;
        fixed-address6 2001:db8:0:1::200;
      }
      ```

      This example configures the DHCP server to always assign the `2001:db8:0:1::200` IP address to the host with the `52:54:00:72:2f:6e` MAC address.

      The `dhcpd` service identifies systems by the MAC address specified in the `hardware ethernet` parameter, and not by the name in the `host` declaration. As a consequence, you can set this name to any string, provided that it is unique among the `host` declarations. To configure the same system for multiple networks, use a different name for each declaration. Otherwise, `dhcpd` fails to start.

   2. Optionally, add further settings to the `host` declaration that are specific for this host.

2. Restart the `dhcpd6` service:

   ```
   # systemctl restart dhcpd6
   ```

Additional resources

- `dhcp-options(5)` man page
- `/usr/share/doc/dhcp-server/dhcpd.conf.example` file
- `/usr/share/doc/dhcp-server/dhcpd6.conf.example` file
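
A pre-restart check for `host` declarations, as an added example that is not part of the original documentation. It reports reused `host` names, which keep `dhcpd` from starting, and fixed addresses that fall in no declared subnet, which per `dhcpd.conf(5)` the server cannot hand out. The sample configuration is constructed and the function names are this example's own; run it against `dhcpd.conf` or `dhcpd6.conf` separately.

```python
import ipaddress
import re
from collections import Counter

# Constructed dhcpd.conf fragment: the second host block reuses the first
# block's name and points at a network without a subnet declaration.
SAMPLE_CONF = """\
subnet 192.0.2.0 netmask 255.255.255.0 {
  range 192.0.2.20 192.0.2.100;
}
host server.example.com {
  hardware ethernet 52:54:00:72:2f:6e;
  fixed-address 192.0.2.130;
}
host server.example.com {   # same name again
  hardware ethernet 52:54:00:72:2f:6e;
  fixed-address 198.51.100.130;
}
"""

SUBNET4_RE = re.compile(r"\bsubnet\s+(\S+)\s+netmask\s+(\S+)\s*\{")
SUBNET6_RE = re.compile(r"\bsubnet6\s+(\S+)\s*\{")
HOST_RE = re.compile(r"\bhost\s+(\S+)\s*\{(.*?)\}", re.S)
ADDR_RE = re.compile(r"\bfixed-address6?\s+([0-9A-Fa-f:.]+)\s*;")


def declared_subnets(text):
    """Collect every subnet / subnet6 declaration as an ipaddress network."""
    nets = [ipaddress.ip_network(f"{addr}/{mask}")
            for addr, mask in SUBNET4_RE.findall(text)]
    nets += [ipaddress.ip_network(prefix) for prefix in SUBNET6_RE.findall(text)]
    return nets


def lint_hosts(text):
    """Return findings as tuples; an empty list means nothing was flagged."""
    text = re.sub(r"#.*", "", text)          # drop comments before matching
    nets = declared_subnets(text)
    hosts = HOST_RE.findall(text)
    findings = []
    # dhcpd refuses to start when two host declarations share a name.
    for name, count in Counter(name for name, _ in hosts).items():
        if count > 1:
            findings.append(("duplicate-host-name", name))
    # A fixed address outside every declared subnet is never assigned.
    for name, body in hosts:
        for addr in ADDR_RE.findall(body):
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                continue                      # host name, not an IP literal
            if not any(ip in net for net in nets):
                findings.append(("no-subnet-for-address", name, addr))
    return findings


if __name__ == "__main__":
    for finding in lint_hosts(SAMPLE_CONF):
        print(finding)
```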
3.12. Restoring a corrupt lease database
If the DHCP server logs an error that is related to the lease database, such as `Corrupt lease file - possible data loss!`, you can restore the lease database from the copy the `dhcpd` service created. Note that this copy might not reflect the latest status of the database.

If you remove the lease database instead of replacing it with a backup, you lose all information about the currently assigned leases. As a consequence, the DHCP server could assign leases to clients that have been previously assigned to other hosts and are not expired yet. This leads to IP conflicts.

Depending on whether you want to restore the DHCPv4, DHCPv6, or both databases, see the procedure for:

Prerequisites

- You are logged in as the `root` user.
- The lease database is corrupt.

Procedure

Restoring the DHCPv4 lease database:

1. Stop the `dhcpd` service:

   ```
   # systemctl stop dhcpd
   ```

2. Rename the corrupt lease database:

   ```
   # mv /var/lib/dhcpd/dhcpd.leases /var/lib/dhcpd/dhcpd.leases.corrupt
   ```

3. Restore the copy of the lease database that the `dhcpd` service created when it refreshed the lease database:

   ```
   # cp -p /var/lib/dhcpd/dhcpd.leases~ /var/lib/dhcpd/dhcpd.leases
   ```

   Important: If you have a more recent backup of the lease database, restore this backup instead.

4. Start the `dhcpd` service:

   ```
   # systemctl start dhcpd
   ```

Restoring the DHCPv6 lease database:

1. Stop the `dhcpd6` service:

   ```
   # systemctl stop dhcpd6
   ```

2. Rename the corrupt lease database:

   ```
   # mv /var/lib/dhcpd/dhcpd6.leases /var/lib/dhcpd/dhcpd6.leases.corrupt
   ```

3. Restore the copy of the lease database that the `dhcpd` service created when it refreshed the lease database:

   ```
   # cp -p /var/lib/dhcpd/dhcpd6.leases~ /var/lib/dhcpd/dhcpd6.leases
   ```

   Important: If you have a more recent backup of the lease database, restore this backup instead.

4. Start the `dhcpd6` service:

   ```
   # systemctl start dhcpd6
   ```
3.13. Setting up a DHCP relay agent
The DHCP Relay Agent (`dhcrelay`) enables the relay of DHCP and BOOTP requests from a subnet with no DHCP server on it to one or more DHCP servers on other subnets. When a DHCP client requests information, the DHCP Relay Agent forwards the request to the list of DHCP servers specified. When a DHCP server returns a reply, the DHCP Relay Agent forwards this reply to the client.

Depending on whether you want to set up a DHCP relay for IPv4, IPv6, or both protocols, see the procedure for:

Prerequisites

- You are logged in as the `root` user.

Procedure

For IPv4 networks:

1. Install the `dhcp-relay` package:

   ```
   # yum install dhcp-relay
   ```

2. Copy the `/lib/systemd/system/dhcrelay.service` file to the `/etc/systemd/system/` directory:

   ```
   # cp /lib/systemd/system/dhcrelay.service /etc/systemd/system/
   ```

   Do not edit the `/usr/lib/systemd/system/dhcrelay.service` file. Future updates of the `dhcp-relay` package can override the changes.

3. Edit the `/etc/systemd/system/dhcrelay.service` file, and append the `-i interface` parameter, together with a list of IP addresses of DHCPv4 servers that are responsible for the subnet:

   ```
   ExecStart=/usr/sbin/dhcrelay -d --no-pid -i enp1s0 192.0.2.1
   ```

   With these additional parameters, `dhcrelay` listens for DHCPv4 requests on the `enp1s0` interface and forwards them to the DHCP server with the IP `192.0.2.1`.

4. Reload the `systemd` manager configuration:

   ```
   # systemctl daemon-reload
   ```

5. Optionally, configure that the `dhcrelay` service starts when the system boots:

   ```
   # systemctl enable dhcrelay.service
   ```

6. Start the `dhcrelay` service:

   ```
   # systemctl start dhcrelay.service
   ```

For IPv6 networks:

1. Install the `dhcp-relay` package:

   ```
   # yum install dhcp-relay
   ```

2. Copy the `/lib/systemd/system/dhcrelay.service` file to the `/etc/systemd/system/` directory and name the file `dhcrelay6.service`:

   ```
   # cp /lib/systemd/system/dhcrelay.service /etc/systemd/system/dhcrelay6.service
   ```

   Do not edit the `/usr/lib/systemd/system/dhcrelay.service` file. Future updates of the `dhcp-relay` package can override the changes.

3. Edit the `/etc/systemd/system/dhcrelay6.service` file, and append the `-l receiving_interface` and `-u outgoing_interface` parameters:

   ```
   ExecStart=/usr/sbin/dhcrelay -d --no-pid -l enp1s0 -u enp7s0
   ```

   With these additional parameters, `dhcrelay` listens for DHCPv6 requests on the `enp1s0` interface and forwards them to the network connected to the `enp7s0` interface.

4. Reload the `systemd` manager configuration:

   ```
   # systemctl daemon-reload
   ```

5. Optionally, configure that the `dhcrelay6` service starts when the system boots:

   ```
   # systemctl enable dhcrelay6.service
   ```

6. Start the `dhcrelay6` service:

   ```
   # systemctl start dhcrelay6.service
   ```

Additional resources

- `dhcrelay(8)` man page