Reference notes.
DHCP (Dynamic Host Configuration Protocol) automatically assigns IP addresses and network configuration to devices on a network, eliminating the need for manual configuration.
DORA Process
DHCP uses a four-step process (all over UDP — client port 68, server port 67):
```
Client                              Server
  |--- DHCPDISCOVER (broadcast) --->|   1. "Any DHCP servers out there?"
  |<-- DHCPOFFER -------------------|   2. "Here's an IP you can use"
  |--- DHCPREQUEST (broadcast) ---->|   3. "I'll take that one, thanks"
  |<-- DHCPACK ---------------------|   4. "It's yours"
```
- Discover — Client broadcasts (255.255.255.255) looking for DHCP servers. Client has no IP yet, uses 0.0.0.0 as source.
- Offer — Server(s) respond with an available IP, subnet mask, gateway, and lease duration.
- Request — Client broadcasts its chosen offer (broadcast so other servers know to withdraw their offers).
- Acknowledge — Server confirms the lease. Client configures its interface.
The Discover and Request are broadcast so they work even when the client has no IP address.
Lease Lifecycle
Every DHCP assignment is a lease with a finite duration.
```
|--- Lease granted ---|--- T1 (50%) ---|--- T2 (87.5%) ---|--- Expiry ---|
                      Renew attempt    Rebind attempt     IP released
                      (unicast to      (broadcast to
                      original server) any server)
```
- T1 (renewal timer) — At 50% of lease time, client tries to renew with the original server via unicast
- T2 (rebind timer) — At 87.5%, client broadcasts a renewal request to any server
- Expiry — If no renewal succeeds, client releases the IP and starts DORA again
Typical lease durations: 1 hour (guest WiFi), 8-24 hours (office), 1-7 days (home).
DHCP Options
DHCP delivers more than just an IP address. Common options:
| Option | Code | Description |
|---|---|---|
| Subnet mask | 1 | Network mask for the assigned IP |
| Router/gateway | 3 | Default gateway IP |
| DNS servers | 6 | Recursive DNS resolver addresses |
| Domain name | 15 | DNS search domain |
| Lease time | 51 | Duration in seconds |
| NTP servers | 42 | Time synchronisation servers |
| TFTP server | 66 | PXE boot server (network booting) |
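On the wire, each option in the table is a code/length/value record that follows a 4-byte magic cookie. The parser below is an added example (not part of the original notes) that decodes those options and flags offered gateway or DNS values that are not on an allowlist; the sample bytes and the allowlists are constructed, and the `audit` helper is hypothetical.

```python
import ipaddress

MAGIC_COOKIE = bytes([99, 130, 83, 99])  # marks the start of the options field

def _ips(data):
    # Options 1, 3, 6 and 42 carry one or more 4-byte IPv4 values.
    if len(data) % 4:
        raise ValueError("address list length is not a multiple of 4")
    return [str(ipaddress.IPv4Address(data[i:i + 4])) for i in range(0, len(data), 4)]

DECODERS = {  # the option codes listed in the table above
    1: ("subnet_mask", lambda d: _ips(d)[0]),
    3: ("routers", _ips),
    6: ("dns_servers", _ips),
    15: ("domain_name", lambda d: d.decode("ascii")),
    42: ("ntp_servers", _ips),
    51: ("lease_time", lambda d: int.from_bytes(d, "big")),
    66: ("tftp_server", lambda d: d.decode("ascii")),
}

def parse_options(field):
    """Decode the code/length/value records that follow the magic cookie."""
    if field[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    out, i = {}, 4
    while i < len(field):
        code = field[i]
        if code == 255:  # End option
            return out
        if code == 0:  # Pad option: a single byte with no length
            i += 1
            continue
        if i + 1 >= len(field) or i + 2 + field[i + 1] > len(field):
            raise ValueError(f"option {code} is truncated")
        value = field[i + 2:i + 2 + field[i + 1]]
        name, decode = DECODERS.get(code, (f"option_{code}", bytes))
        out[name] = decode(value)
        i += 2 + len(value)
    raise ValueError("options field has no End (255) marker")

def audit(options, allowed_routers, allowed_dns):
    """Return offered gateway/DNS values that are not on the allowlists."""
    bad = [("routers", r) for r in options.get("routers", []) if r not in allowed_routers]
    bad += [("dns_servers", d) for d in options.get("dns_servers", []) if d not in allowed_dns]
    return bad

# Constructed sample: mask, router, two DNS servers, 3600 s lease, pad, end.
SAMPLE = MAGIC_COOKIE + bytes.fromhex(
    "0104ffffff00 0304c0000201 0608c0000235c6336435 330400000e10 00ff")
```

Running `audit(parse_options(SAMPLE), {"192.0.2.1"}, {"192.0.2.53"})` reports the second DNS server, which is the kind of drift the "Wrong gateway/DNS" row under Common Issues is about.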
DHCP Relay
DHCP uses broadcast, which doesn’t cross router boundaries. In networks with centralised DHCP servers, a DHCP relay agent (often the router itself) forwards DHCP broadcasts from client subnets to the server as unicast.
Client (VLAN 10) --broadcast--> Router (relay) --unicast--> DHCP Server (VLAN 20)
The relay agent sets the giaddr (gateway IP address) field in the forwarded message so the server knows which subnet the request came from and can assign an IP from the correct pool.
Static vs Dynamic Allocation
| Type | Description | Use Case |
|---|---|---|
| Dynamic | Server assigns from a pool | Most devices |
| Reserved/Static | Server assigns a fixed IP based on MAC address | Servers, printers, IoT |
| Manual | No DHCP — configured directly on the device | Infrastructure (routers, switches) |
DHCP reservations give the convenience of DHCP (centralised config) with the predictability of static IPs.
DHCP Snooping
A switch-level security feature:
- The switch builds a binding table mapping MAC → IP → port → VLAN for DHCP-assigned addresses
- Trusted ports (uplinks to DHCP server) can send DHCP server messages (OFFER, ACK)
- Untrusted ports (end devices) can only send client messages (DISCOVER, REQUEST)
- This prevents rogue DHCP servers from assigning incorrect addresses
- The binding table feeds Dynamic ARP Inspection
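The rules above, modelled as an added example (a simplified sketch, not vendor switch code or part of the original notes): server messages arriving on untrusted ports are dropped, an ACK from a trusted port creates a binding, and ARP is then checked against that table. Port names, MACs and addresses are constructed, and the model assumes ARP from trusted ports is not inspected.

```python
SERVER_MSGS = {"OFFER", "ACK", "NAK"}  # server messages: trusted ports only

class SnoopingSwitch:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.pending = {}   # (vlan, mac) -> access port the client was seen on
        self.bindings = {}  # (vlan, mac) -> (ip, port)
        self.dropped = []   # (port, msg type) of every rejected DHCP message

    def dhcp(self, port, vlan, msg, mac, ip=None):
        """Process one DHCP message; return True if it is forwarded."""
        key = (vlan, mac)
        if msg in SERVER_MSGS:
            if port not in self.trusted:
                self.dropped.append((port, msg))  # rogue server behind an access port
                return False
            if msg == "ACK" and key in self.pending:
                # Lease confirmed: bind MAC -> IP -> client port -> VLAN.
                self.bindings[key] = (ip, self.pending.pop(key))
            return True
        if port not in self.trusted:
            self.pending[key] = port  # DISCOVER/REQUEST from an end device
        return True

    def arp_ok(self, port, vlan, mac, ip):
        """Dynamic ARP Inspection: sender MAC, IP and port must match a binding."""
        # Assumption: ARP arriving on trusted ports is accepted without a lookup.
        return port in self.trusted or self.bindings.get((vlan, mac)) == (ip, port)

def replay(events, trusted_ports):
    """Feed constructed (port, vlan, msg, mac, ip) events through a fresh switch."""
    sw = SnoopingSwitch(trusted_ports)
    for ev in events:
        sw.dhcp(*ev)
    return sw

# Constructed sample traffic: (port, vlan, msg, client MAC, offered IP).
EVENTS = [
    ("Gi0/5", 10, "DISCOVER", "aa:aa:aa:00:00:01", None),
    ("Gi0/9", 10, "OFFER", "aa:aa:aa:00:00:01", "10.66.0.50"),   # access port
    ("Gi0/24", 10, "OFFER", "aa:aa:aa:00:00:01", "192.0.2.20"),  # uplink
    ("Gi0/5", 10, "REQUEST", "aa:aa:aa:00:00:01", None),
    ("Gi0/24", 10, "ACK", "aa:aa:aa:00:00:01", "192.0.2.20"),
]
```

The `dropped` list is what a real switch surfaces as snooping drop counters or log events, and it is the signal worth alerting on when hunting for a rogue server.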
IPv6: DHCPv6 vs SLAAC
IPv6 offers two approaches to address configuration:
SLAAC (Stateless Address Autoconfiguration)
Devices generate their own IPv6 address from:
- Network prefix (advertised by the router via Router Advertisement messages)
- Interface identifier (derived from MAC address or randomly generated for privacy)
No DHCP server needed. The router only advertises the prefix, not individual addresses.
DHCPv6
Similar to DHCPv4 but with differences:
- Stateful DHCPv6 — Server assigns addresses (like DHCPv4)
- Stateless DHCPv6 — Device uses SLAAC for address, but gets DNS/NTP/domain from DHCPv6
In practice, many networks use SLAAC for addressing + stateless DHCPv6 for DNS configuration.
Self-Hosted DHCP
| Software | Notes |
|---|---|
| ISC Kea | Modern, REST API, replaces ISC DHCP. Supports MySQL/PostgreSQL backends. |
| dnsmasq | Lightweight combined DNS + DHCP. Great for small networks and containers. |
| ISC DHCP | Legacy, end-of-life (2022). Migrate to Kea. |
Most home/office routers run a built-in DHCP server.
Common Issues
| Issue | Cause | Fix |
|---|---|---|
| 169.254.x.x address (APIPA) | DHCP server unreachable | Check server, relay, network path |
| IP conflict | Two devices with same IP | Check for rogue static IPs, review DHCP pool |
| Rogue DHCP server | Unauthorised server on network | Enable DHCP snooping |
| Lease exhaustion | Pool too small for network | Expand pool, reduce lease time |
| Wrong gateway/DNS | DHCP misconfiguration | Audit DHCP options |
See Also
- IP Addressing — Subnetting and address ranges
- ARP — Resolves IP to MAC after DHCP assigns an address
- DNS — DHCP distributes DNS server addresses to clients