Hubbry Logo
Dynamic Host Configuration ProtocolDynamic Host Configuration ProtocolMain
Open search
Dynamic Host Configuration Protocol
Community hub
Dynamic Host Configuration Protocol
logo
7 pages, 0 posts
0 subscribers
Be the first to start a discussion here.
Be the first to start a discussion here.
Dynamic Host Configuration Protocol
Dynamic Host Configuration Protocol
Dynamic Host Configuration Protocol
View on Wikipedia
from Wikipedia

The Dynamic Host Configuration Protocol (DHCP) is a network management protocol used on Internet Protocol (IP) networks for automatically assigning IP addresses and other communication parameters to devices connected to the network using a client–server architecture.[1]: Introduction 

The technology eliminates the need for individually configuring network devices manually, and consists of two network components, a centrally installed network DHCP server and client instances of the protocol stack on each computer or device. When connected to the network, and periodically thereafter, a client requests a set of parameters from the server using DHCP.

DHCP can be implemented on networks ranging in size from residential networks to large campus networks and regional ISP networks.[2] Many routers and residential gateways have DHCP server capability. Most residential network routers receive a unique IP address within the ISP network. Within a local network, a DHCP server assigns a local IP address to each device.

DHCP services exist for networks running Internet Protocol version 4 (IPv4), as well as version 6 (IPv6). The IPv6 version of the DHCP protocol is commonly called DHCPv6.

History

[edit]

The Reverse Address Resolution Protocol (RARP) was defined in 1984 for the configuration of simple devices, such as diskless workstations, with a suitable IP address.[3] Acting in the data link layer, it made implementation difficult on many server platforms. It required that a server be present on each individual network link. RARP was superseded by the Bootstrap Protocol (BOOTP) defined in September 1985.[4] This introduced the concept of a relay agent, which allowed the forwarding of BOOTP packets across networks, allowing one central BOOTP server to serve hosts on many IP subnets.

DHCP was first defined in October 1993.[5][6] It is based on BOOTP, but can dynamically allocate IP addresses from a pool and reclaim them when they are no longer in use. It can also be used to deliver a wide range of extra configuration parameters to IP clients, including platform-specific parameters.[7]

Four years later, the DHCPINFORM message type (used for WPAD) and other small changes were added. This definition, from 1997,[1] remains the core of the standard for IPv4 networks.

DHCPv6 was initially defined in 2003.[8] After updates by many subsequent RFCs, its definition was replaced in 2018,[9] where prefix delegation and stateless address autoconfiguration were now merged.

Overview

[edit]

Internet Protocol (IP) defines how devices communicate within and across local networks on the Internet. A DHCP server can manage IP settings for devices on its local network, e.g., by assigning IP addresses to those devices automatically and dynamically.[10]

DHCP operates based on the client–server model. When a computer or other device connects to a network, the DHCP client software sends a DHCP broadcast query requesting the necessary information. Any DHCP server on the network may service the request. The DHCP server manages a pool of IP addresses and information about client configuration parameters such as default gateway, domain name, the name servers, and time servers. On receiving a DHCP request, the DHCP server may respond with specific information for each client, as previously configured by an administrator, or with a specific address and any other information valid for the entire network and for the time period for which the allocation (lease) is valid. A DHCP client typically queries this information immediately after booting, and periodically thereafter before the expiration of the information. When a DHCP client refreshes an assignment, it initially requests the same parameter values, but the DHCP server may assign a new address based on the assignment policies set by administrators.

On large networks that consist of multiple links, a single DHCP server may service the entire network when aided by DHCP relay agents located on the interconnecting routers. Such agents relay messages between DHCP clients and DHCP servers located on different subnets.

Depending on implementation, the DHCP server may have three methods of allocating IP addresses:

Dynamic allocation
A network administrator reserves a range of IP addresses for DHCP, and each DHCP client on the LAN is configured to request an IP address from the DHCP server during network initialization. The request-and-grant process uses a lease concept with a controllable time period, allowing the DHCP server to reclaim and then reallocate IP addresses that are not renewed.
Automatic allocation
The DHCP server permanently assigns an IP address to a requesting client from a range defined by an administrator. This is like dynamic allocation, but the DHCP server keeps a table of past IP address assignments, so that it can preferentially assign to a client the same IP address that the client previously had.
Manual allocation
This method is also variously called static DHCP allocation, fixed address allocation, reservation, and MAC/IP address binding. An administrator maps a unique identifier (a client id or MAC address) for each client to an IP address, which is offered to the requesting client. DHCP servers may be configured to fall back to other methods if this fails.

DHCP services are used for Internet Protocol version 4 (IPv4) and IPv6. The details of the protocol for IPv4 and IPv6 differ sufficiently that they may be considered separate protocols.[11] For the IPv6 operation, devices may alternatively use stateless address autoconfiguration. IPv6 hosts may also use link-local addressing to achieve operations restricted to the local network link.

Operation

[edit]
An illustration of a typical non-renewing DHCP session; each message may be either a broadcast or a unicast, depending on the DHCP client capabilities.[1]

The DHCP employs a connectionless service model, using the User Datagram Protocol (UDP). It is implemented with two UDP port numbers for its operations which are the same as for the bootstrap protocol (BOOTP). The server listens on UDP port number 67, and the client listens on UDP port number 68.

DHCP operations fall into four phases: server discovery, IP lease offer, IP lease request, and IP lease acknowledgement. These stages are often abbreviated as DORA for discovery, offer, request, and acknowledgement.

The DHCP operation begins with clients broadcasting a request. If the client and server are in different Broadcast Domains, a DHCP Helper or DHCP Relay Agent may be used. Clients requesting renewal of an existing lease may communicate directly via UDP unicast, since the client already has an established IP address at that point. Additionally, there is a BROADCAST flag (1 bit in 2 byte flags field, where all other bits are reserved and so are set to 0) the client can use to indicate in which way (broadcast or unicast) it can receive the DHCPOFFER: 0x8000 for broadcast, 0x0000 for unicast.[1] Usually, the DHCPOFFER is sent through unicast. For those hosts which cannot accept unicast packets before IP addresses are configured, this flag can be used to work around this issue.

Discovery

[edit]

The DHCP client broadcasts a DHCPDISCOVER message on the network subnet using the destination address 255.255.255.255 (limited broadcast) or the specific subnet broadcast address (directed broadcast). A DHCP client may also request an IP address in the DHCPDISCOVER, which the server may take into account when selecting an address to offer.

For example, if HTYPE is set to 1, to specify that the medium used is Ethernet, HLEN is set to 6 because an Ethernet address (MAC address) is 6 octets long. The CHADDR is set to the MAC address used by the client. Some options are set as well.

Example Ethernet frame with a DHCPDISCOVER message
Offset Octet 0 1 2 3
Octet Bit 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
0 0 Destination MAC (FF:FF:FF:FF:FF:FF)
4 32    
8 64 Source MAC (00:05:3C:04:8D:59)
12 96 EtherType (0x0800)  
16 128 IPv4 packet, containing a UDP PDU with DHCP payload...
20 160
Frame Check Sequence
IPv4 Header
Offset Octet 0 1 2 3
Octet Bit 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
0 0 IPv4 header start
4 32
8 64 TTL Protocol (17 UDP) Header Checksum
12 96 Source Address (0.0.0.0)
16 128 Destination Address
UDP Header
Offset Octet 0 1 2 3
Octet Bit 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
20 160 Source Port (68) Destination Port (67)
24 192 Length Checksum
DHCP Payload: DHCPDISCOVER
Offset Octet 0 1 2 3
Octet Bit 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
28 224 OP (0x01) HTYPE (0x01) HLEN (0x06) HOPS (0x00)
32 256 XID (0x3903F326)
36 288 SECS (0x0000) FLAGS (0x0000)
40 320 CIADDR (Client IP address: 0x00000000)
44 352 YIADDR (Your IP address: 0x00000000)
48 384 SIADDR (Server IP address: 0x00000000)
52 416 GIADDR (Gateway IP address: 0x00000000)
56 448 CHADDR (Client Hardware address: 0x00053C04
0x8D590000
0x00000000
0x00000000)
60 480
64 512
68 544
72 576 192 octets of 0s, or overflow space for additional options; BOOTP legacy.
260 2080
264 2112 Magic Cookie (0x63825363)
DHCP Options (in TLV format)
Offset Octet 0 1 2 3
Octet Bit 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
268 2144 First option: 0x350101: Option 53 (DHCP Message Type) 1 octet (containing DHCPDISCOVER) Second option:
272 2176 0x3204c0a80164: Option 50 (Request IP address) 4 octets (containing 192.168.1.100)
276 2208 Third option: 0x370401030f06: Option: 55 (Parameter Request List) 4 octets
280 2240 PRL cont... ff

Offer

[edit]

When a DHCP server receives a DHCPDISCOVER message from a client, which is an IP address lease request, the DHCP server reserves an IP address for the client and makes a lease offer by sending a DHCPOFFER message to the client. This message may contain the client's Client ID (Option 61, containing a unique value, traditionally a MAC address), the IP address that the server is offering, the subnet mask, the lease duration, and the IP address of the DHCP server making the offer. The DHCP server may also take notice of the hardware-level MAC address (as specified in the CHADDR field). This field must be used to identify the client, if no Client ID is provided in the DHCP packet.[1]: §4.2 

The DHCP server determines the configuration based on the client's hardware address as specified in the CHADDR (client hardware address) field. In the following example the server (192.168.1.1) specifies the client's IP address in the YIADDR (your IP address) field.

Example Ethernet frame with a DHCPOFFER message
Offset Octet 0 1 2 3
Octet Bit 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
0 0 Destination MAC (00:05:3C:04:8D:59)
4 32    
8 64 Source MAC (B4:0C:25:E3:7D:62)
12 96 EtherType (0x0800)  
16 128 IPv4 packet, containing a UDP PDU with DHCP payload...
20 160
Frame Check Sequence
IPv4 Header
Offset Octet 0 1 2 3
Octet Bit 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
0 0 IPv4 header start
4 32
8 64 TTL Protocol (17 UDP) Header Checksum
12 96 Source Address (192.168.1.1)
16 128 Destination Address (192.168.1.100)
UDP Header
Offset Octet 0 1 2 3
Octet Bit 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
20 160 Source Port (67) Destination Port (68)
24 192 Length Checksum
DHCP Payload: DHCPOFFER
Offset Octet 0 1 2 3
Octet Bit 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
28 224 OP (0x02) HTYPE (0x01) HLEN (0x06) HOPS (0x00)
32 256 XID (0x3903F326)
36 288 SECS (0x0000) FLAGS (0x0000)
40 320 CIADDR (Client IP address: 0x00000000)
44 352 YIADDR (Your IP address: 0xC0A80164 or 192.168.1.100)
48 384 SIADDR (Server IP address: 0xC0A80101 or 192.168.1.1)
52 416 GIADDR (Gateway IP address: 0x00000000)
56 448 CHADDR (Client Hardware address: 0x00053C04
0x8D590000
0x00000000
0x00000000)
60 480
64 512
68 544
72 576 192 octets of 0s, or overflow space for additional options; BOOTP legacy.
260 2080
264 2112 Magic Cookie (0x63825363)
DHCP Options (in TLV format)
Offset Octet 0 1 2 3
Octet Bit 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
268 2144 First option: 0x350102: Option 53 (DHCP Message Type) 1 octet (containing DHCPOFFER) Second option:
272 2176 0x0104ffffff00: Option 1 (Subnet mask) 4 octets (containing 255.255.255.0)
276 2208 Third option: 0x0304c0A80101: Option: 3 (Router) 4 octets (containing 192.168.1.1)
280 2240 Router cont... Fourth option: 0x330400015080: Option 51 (Address time) 4 octets (a 86400 second lease time)
284 2272 Address time cont... Fifth option:
288 2304 0x060c09070a0f09070a1009070a13:
Option 6 (Domain Server) 14 octets (containing 9.7.10.15,9.7.10.16,9.7.10.18)
292 2336
296 2368
300 2400   ff

Request

[edit]

In response to the DHCP offer, the client replies with a DHCPREQUEST message, broadcast to the server,[a] requesting the offered address. A client can receive DHCP offers from multiple servers, but it will accept only one DHCP offer.

The client must send the server identification option in the DHCPREQUEST message, indicating the server whose offer the client has selected.[1]: Section 3.1, Item 3  When other DHCP servers receive this message, they withdraw any offers that they have made to the client and return their offered IP address to the pool of available addresses.

Example Ethernet frame with a DHCPREQUEST message
Offset Octet 0 1 2 3
Octet Bit 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
0 0 Destination MAC (FF:FF:FF:FF:FF:FF)
4 32    
8 64 Source MAC (00:05:3C:04:8D:59)
12 96 EtherType (0x0800)  
16 128 IPv4 packet, containing a UDP PDU with DHCP payload...
20 160
Frame Check Sequence
IPv4 Header
Offset Octet 0 1 2 3
Octet Bit 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
0 0 IPv4 header start
4 32
8 64 TTL Protocol (17 UDP) Header Checksum
12 96 Source Address (0.0.0.0)
16 128 Destination Address (255.255.255.255)
UDP Header
Offset Octet 0 1 2 3
Octet Bit 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
20 160 Source Port (68) Destination Port (67)
24 192 Length Checksum
DHCP Payload: DHCPREQUEST
Offset Octet 0 1 2 3
Octet Bit 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
28 224 OP (0x01) HTYPE (0x01) HLEN (0x06) HOPS (0x00)
32 256 XID (0x3903F326)
36 288 SECS (0x0000) FLAGS (0x0000)
40 320 CIADDR (Client IP address: 0x00000000)
44 352 YIADDR (Your IP address: 0x00000000)
48 384 SIADDR (Server IP address: 0xc0a80101 or 192.168.1.1)
52 416 GIADDR (Gateway IP address: 0x00000000)
56 448 CHADDR (Client Hardware address: 0x00053C04
0x8D590000
0x00000000
0x00000000)
60 480
64 512
68 544
72 576 192 octets of 0s, or overflow space for additional options; BOOTP legacy.
260 2080
264 2112 Magic Cookie (0x63825363)
DHCP Options (in TLV format)
Offset Octet 0 1 2 3
Octet Bit 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
268 2144 First option: 0x350103: Option 53 (DHCP Message Type) 1 octet (containing DHCPREQUEST) Second option:
272 2176 0x3204c0a80164: Option 50 (Request IP address) 4 octets (containing 192.168.1.100)
276 2208 Third option: 0x3604c0a801601: Option: 54 (DHCP Server) 4 octets (containing 192.168.1.1)
280 2240 DHCP Server cont... ff

Acknowledgement

[edit]

When the DHCP server receives the DHCPREQUEST message from the client, the configuration process enters its final phase. The acknowledgement phase involves sending a DHCPACK packet to the client. This packet includes the lease duration and any other configuration information that the client might have requested. At this point, the IP configuration process is completed.

The protocol expects the DHCP client to configure its network interface with the negotiated parameters.

Example Ethernet frame with a DHCPACK message
Offset Octet 0 1 2 3
Octet Bit 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
0 0 Destination MAC (00:05:3C:04:8D:59)
4 32    
8 64 Source MAC (B4:0C:25:E3:7D:62)
12 96 EtherType (0x0800)  
16 128 IPv4 packet, containing a UDP PDU with DHCP payload...
20 160
Frame Check Sequence
IPv4 Header
Offset Octet 0 1 2 3
Octet Bit 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
0 0 IPv4 header start
4 32
8 64 TTL Protocol (17 UDP) Header Checksum
12 96 Source Address (192.168.1.1)
16 128 Destination Address (192.168.1.100)
UDP Header
Offset Octet 0 1 2 3
Octet Bit 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
20 160 Source Port (67) Destination Port (68)
24 192 Length Checksum
DHCP Payload: DHCPACK
Offset Octet 0 1 2 3
Octet Bit 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
28 224 OP (0x02) HTYPE (0x01) HLEN (0x06) HOPS (0x00)
32 256 XID (0x3903F326)
36 288 SECS (0x0000) FLAGS (0x0000)
40 320 CIADDR (Client IP address: 0x00000000)
44 352 YIADDR (Your IP address: 0xC0A80164 or 192.168.1.100)
48 384 SIADDR (Server IP address: 0xC0A80101 or 192.168.1.1)
52 416 GIADDR (Gateway IP address: 0x00000000)
56 448 CHADDR (Client Hardware address: 0x00053C04
0x8D590000
0x00000000
0x00000000)
60 480
64 512
68 544
72 576 192 octets of 0s, or overflow space for additional options; BOOTP legacy.
260 2080
264 2112 Magic Cookie (0x63825363)
DHCP Options (in TLV format)
Offset Octet 0 1 2 3
Octet Bit 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
268 2144 First option: 0x350105: Option 53 (DHCP Message Type) 1 octet (containing DHCPACK) Second option:
272 2176 0x0104ffffff00: Option 1 (Subnet mask) 4 octets (containing 255.255.255.0)
276 2208 Third option: 0x0304c0A80101: Option: 3 (Router) 4 octets (containing 192.168.1.1)
280 2240 Router cont... Fourth option: 0x330400015080: Option 51 (Address time) 4 octets (a 86400 second lease time)
284 2272 Address time cont... Fifth option:
288 2304 0x060c09070a0f09070a1009070a13:
Option 6 (Domain Server) 14 octets (containing 9.7.10.15,9.7.10.16,9.7.10.18)
292 2336
296 2368
300 2400   ff

Selecting and configuring IP addresses

[edit]

When the server is reusing an IP address from its pool, it may first check (using ping) to see if it is not taken already.[1]: sec. 2.2  This may happen if a host is configured manually with an IP address that lies within the DHCP scope.

Before claiming an IP address, the client should probe the newly received address (e.g. with ARP), in order to find if there is another host present in the network with the proposed IP address.[1]: sec. 2.2  If there is no reply, this address does not conflict with that of another host, so it is free to be used. If this probe finds another computer using that address, the client should broadcast a DHCPDECLINE to the DHCP server(s).

Information

[edit]

A DHCP client may request more information than the server sent with the original DHCPOFFER. The client may also request repeat data for a particular application. For example, browsers use DHCP Inform to obtain web proxy settings via WPAD.

Releasing

[edit]

The client sends a request to the DHCP server to release the DHCP information and the client deactivates its IP address. As client devices usually do not know when users may unplug them from the network, the protocol does not mandate the sending of DHCP Release.

Client configuration parameters

[edit]

A DHCP server can provide optional configuration parameters to the client. RFC 2132 describes the available DHCP options defined by Internet Assigned Numbers Authority (IANA) - DHCP and BOOTP PARAMETERS.[12]

A DHCP client can select, manipulate and overwrite parameters provided by a DHCP server. In Unix-like systems this client-level refinement typically takes place according to the values in the configuration file /etc/dhclient.conf.

Options

[edit]

Options are octet strings of varying length. This is called Type–length–value encoding. The first octet is the option code, the second octet is the number of following octets and the remaining octets are code dependent. For example, the DHCP message-type option for an offer would appear as 0x35, 0x01, 0x02, where 0x35 is code 53 for "DHCP message type", 0x01 means one octet follows and 0x02 is the value of "offer".

The following tables list the available DHCP options.[13][12]

RFC 1497 (BOOTP Vendor Information Extensions) vendor extensions[13]: Section 3 
Code Name Length Notes
0 Pad 0 octets Can be used to pad other options so that they are aligned to the word boundary; is not followed by length byte
1 Subnet mask 4 octets Client's subnet mask as per RFC 950. If both the subnet mask and the router option (option 3) are included, the subnet mask option must be first.
2 Time offset 4 octets Time offset of the client's subnet in seconds from Coordinated Universal Time (UTC). The offset is expressed as a two's complement 32-bit integer. A positive offset indicates a location east of the zero meridian and a negative offset indicates a location west of the zero meridian.
3 Router Multiples of 4 octets Available routers, should be listed in order of preference
4 Time server Multiples of 4 octets Available Time Protocol servers to synchronise with, should be listed in order of preference
5 Name server Multiples of 4 octets Available IEN 116 name servers, should be listed in order of preference
6 Domain name server Multiples of 4 octets Available DNS servers, should be listed in order of preference
7 Log server Multiples of 4 octets Available log servers, should be listed in order of preference
8 Cookie server Multiples of 4 octets Cookie in this case means "fortune cookie" or "quote of the day", a pithy or humorous anecdote often sent as part of a logon process on large computers; it has nothing to do with cookies sent by websites.
9 LPR Server Multiples of 4 octets A list of Line Printer Daemon protocol servers available to the client, should be listed in order of preference
10 Impress server Multiples of 4 octets A list of Imagen Impress servers available to the client, should be listed in order of preference
11 Resource location server Multiples of 4 octets A list of Resource Location Protocol servers available to the client, should be listed in order of preference
12 Host name Minimum of 1 octet Name of the client. The name may be qualified with the local domain name.
13 Boot file size 2 octets Length of the boot image in 512B blocks
14 Merit dump file Minimum of 1 octet Path where crash dumps should be stored
15 Domain name Minimum of 1 octet
16 Swap server 4 octets
17 Root path Minimum of 1 octet
18 Extensions path Minimum of 1 octet
255 End 0 octets Used to mark the end of the vendor option field
IP layer parameters per host[13]: Section 4 
Code Name Length Notes
19 IP forwarding enable/disable 1 octet
20 Non-local source routing enable/disable 1 octet
21 Policy filter Multiples of 8 octets
22 Maximum datagram reassembly size 2 octets
23 Default IP time-to-live 1 octet
24 Path MTU aging timeout 4 octets
25 Path MTU plateau table Multiples of 2 octets
IP Layer Parameters per Interface[13]: Section 5 
Code Name Length Notes
26 Interface MTU 2 octets
27 All subnets are local 1 octet
28 Broadcast address 4 octets
29 Perform mask discovery 1 octet
30 Mask supplier 1 octet
31 Perform router discovery 1 octet
32 Router solicitation address 4 octets
33 Static route Multiples of 8 octets A list of destination/router pairs
Link layer parameters per interface[13]: Section 6 
Code Name Length Notes
34 Trailer encapsulation option 1 octet
35 ARP cache timeout 4 octets
36 Ethernet encapsulation 1 octet
TCP parameters[13]: Section 7 
Code Name Length Notes
37 TCP default TTL 1 octet
38 TCP keepalive interval 4 octets
39 TCP keepalive garbage 1 octet
Application and service parameters[13]: Section 8 
Code Name Length Notes
40 Network information service domain Minimum of 1 octet
41 Network information servers Multiples of 4 octets
42 Network Time Protocol (NTP) servers Multiples of 4 octets
43 Vendor-specific information Minimum of 1 octets
44 NetBIOS over TCP/IP name server Multiples of 4 octets
45 NetBIOS over TCP/IP datagram Distribution Server Multiples of 4 octets
46 NetBIOS over TCP/IP node type 1 octet
47 NetBIOS over TCP/IP scope Minimum of 1 octet
48 X Window System font server Multiples of 4 octets
49 X Window System display manager Multiples of 4 octets
64 Network Information Service+ domain Minimum of 1 octet
65 Network Information Service+ servers Multiples of 4 octets
68 Mobile IP home agent Multiples of 4 octets
69 Simple Mail Transfer Protocol (SMTP) server Multiples of 4 octets
70 Post Office Protocol (POP3) server Multiples of 4 octets
71 Network News Transfer Protocol (NNTP) server Multiples of 4 octets
72 Default World Wide Web (WWW) server Multiples of 4 octets
73 Default Finger protocol server Multiples of 4 octets
74 Default Internet Relay Chat (IRC) server Multiples of 4 octets
75 StreetTalk server Multiples of 4 octets
76 StreetTalk Directory Assistance (STDA) server Multiples of 4 octets
DHCP extensions[13]: Section 9 
Code Name Length Notes
50 Requested IP address 4 octets
51 IP address lease time 4 octets
52 Option overload 1 octet
53 DHCP message type 1 octet
54 Server identifier 4 octets
55 Parameter request list Minimum of 1 octet
56 Message Minimum of 1 octet
57 Maximum DHCP message size 2 octets
58 Renewal (T1) time value 4 octets
59 Rebinding (T2) time value 4 octets
60 Vendor class identifier Minimum of 1 octet
61 Client identifier Minimum of 2 octets
66 TFTP server name Minimum of 1 octet
67 Bootfile name Minimum of 1 octet

DHCP message types

[edit]

This table lists the DHCP message types. These codes are the value in the DHCP extension 53, shown in the table above.

DHCP message types
Code Name Length RFC
1 DHCPDISCOVER 1 octet 2132[13]: §9.6 
2 DHCPOFFER 1 octet 2132
3 DHCPREQUEST 1 octet 2132
4 DHCPDECLINE 1 octet 2132
5 DHCPACK 1 octet 2132
6 DHCPNAK 1 octet 2132
7 DHCPRELEASE 1 octet 2132
8 DHCPINFORM 1 octet 2132
9 DHCPFORCERENEW 1 octet 3203[14]: §4 
10 DHCPLEASEQUERY 1 octet 4388[15]: §6.1 
11 DHCPLEASEUNASSIGNED 1 octet 4388
12 DHCPLEASEUNKNOWN 1 octet 4388
13 DHCPLEASEACTIVE 1 octet 4388
14 DHCPBULKLEASEQUERY 1 octet 6926[16]: §6.2.1 
15 DHCPLEASEQUERYDONE 1 octet 6926
16 DHCPACTIVELEASEQUERY 1 octet 7724[17]: §5.2.1 
17 DHCPLEASEQUERYSTATUS 1 octet 7724
18 DHCPTLS 1 octet 7724

Client vendor identification

[edit]

An option exists to identify the vendor and functionality of a DHCP client. The information is a variable-length string of characters or octets which has a meaning specified by the vendor of the DHCP client. One method by which a DHCP client can communicate to the server that it is using a certain type of hardware or firmware is to set a value in its DHCP requests called the Vendor Class Identifier (VCI) (Option 60).

The value to which this option is set gives the DHCP server a hint about any required extra information that this client needs in a DHCP response. Some types of set-top boxes set the VCI to inform the DHCP server about the hardware type and functionality of the device. An Aruba campus wireless access point, for example, supplies value 'ArubaAP' as option 60 in its DHCPDISCOVER message.[18] The DHCP server can then augment its DHCPOFFER with an IP address of an Aruba wireless controller in option 43, so the access point knows where to register itself.

Setting a VCI by the client allows a DHCP server to differentiate between client machines and process the requests from them appropriately.

Other extensions

[edit]
Documented DHCP options
Code Name Length RFC
77 User Class Minimum of 2 octets 3004[19]
82 Relay agent information Minimum of 2 octets 3046[20]
85 Novell Directory Service (NDS) servers Minimum of 4 octets, multiple of 4 octets 2241[21]: §2 
86 NDS tree name Variable 2241[21]: §3 
87 NDS context Variable 2241[21]: §4 
100 Time zone, POSIX style Variable 4833[22]
101 Time zone, tz database style Variable 4833
114 DHCP Captive-Portal Variable 8910[23]
119 Domain search Variable 3397[24]
121 Classless static route Variable 3442[25]
209 Configuration File Variable 5071[26]
210 Path Prefix Variable 5071
211 Reboot Time Variable 5071

Relay agent information sub-options

[edit]

The relay agent information option (option 82) specifies container for attaching sub-options to DHCP requests transmitted between a DHCP relay and a DHCP server.[27]

Relay agent sub-options
Code Name Length RFC
1 Agent Circuit ID Minimum of 1 octet 3046[20]
2 Agent Remote ID Minimum of 1 octet 3046
4 Data-Over-Cable Service Interface Specifications (DOCSIS) device class 4 octets 3256[28]

Relaying

[edit]

In small networks, where only one IP subnet is being managed, DHCP clients communicate directly with DHCP servers. However, DHCP servers can also provide IP addresses for multiple subnets. In this case, a DHCP client that has not yet acquired an IP address cannot communicate directly with a DHCP server not on the same subnet, as the client's broadcast can only be received on its own subnet.

In order to allow DHCP clients on subnets not directly served by DHCP servers to communicate with DHCP servers, DHCP relay agents can be installed on these subnets. A DHCP relay agent runs on a network device, capable of routing between the client's subnet and the subnet of the DHCP server. The DHCP client broadcasts on the local link; the relay agent receives the broadcast and transmits it to one or more DHCP servers using unicast. The IP addresses of the DHCP servers are manually configured in the relay agent. The relay agent stores its own IP address, from the interface on which it has received the client's broadcast, in the GIADDR field of the DHCP packet. The DHCP server uses the GIADDR-value to determine the subnet, and subsequently the corresponding address pool, from which to allocate an IP address. When the DHCP server replies to the client, it sends the reply to the GIADDR-address, again using unicast. The relay agent then retransmits the response on the local network, using unicast (in most cases) to the newly reserved IP address, in an Ethernet frame directed to the client's MAC address. The client should accept the packet as its own, even when that IP address is not yet set on the interface.[1]: 25  Directly after processing the packet, the client sets the IP address on its interface and is ready for regular IP communication, directly thereafter.

If the client's implementation of the IP stack does not accept unicast packets when it has no IP address yet, the client may set the broadcast bit in the FLAGS field when sending a DHCPDISCOVER packet. The relay agent will use the 255.255.255.255 broadcast IP address (and the clients MAC address) to inform the client of the server's DHCPOFFER.

The communication between the relay agent and the DHCP server typically uses both a source and destination UDP port of 67.

Client states

[edit]
A simplified DHCP client state-transition diagram based on figure 5 of RFC 2131

A DHCP client can receive these messages from a server:[1]: §4.4 

  • DHCPOFFER
  • DHCPACK
  • DHCPNAK

The client moves through DHCP states depending on how the server responds to the messages that the client sends.

Reliability

[edit]

The DHCP ensures reliability in several ways: periodic renewal, rebinding,[1]: §4.4.5  and failover. DHCP clients are allocated leases that last for some period of time. Clients begin to attempt to renew their leases once half the lease interval has expired.[1]: §4.4.5 Paragraph 3  They do this by sending a unicast DHCPREQUEST message to the DHCP server that granted the original lease. If that server is down or unreachable, it will fail to respond to the DHCPREQUEST. However, in that case the client repeats the DHCPREQUEST from time to time,[1]: §4.4.5 Paragraph 8 [b] so if the DHCP server comes back up or becomes reachable again, the DHCP client will succeed in contacting it and renew the lease.

If the DHCP server is unreachable for an extended period of time,[1]: §4.4.5 Paragraph 5  the DHCP client will attempt to rebind, by broadcasting its DHCPREQUEST rather than unicasting it. Because it is broadcast, the DHCPREQUEST message will reach all available DHCP servers. If some other DHCP server is able to renew the lease, it will do so at this time.

In order for rebinding to work, when the client successfully contacts a backup DHCP server, that server must have accurate information about the client's binding. Maintaining accurate binding information between two servers is a complicated problem; if both servers are able to update the same lease database, there must be a mechanism to avoid conflicts between updates on the independent servers. A proposal for implementing fault-tolerant DHCP servers was submitted to the Internet Engineering Task Force, but never formalized.[29][c]

If rebinding fails, the lease will eventually expire. When the lease expires, the client must stop using the IP address granted to it in its lease.[1]: §4.4.5 Paragraph 9  At that time it will restart the DHCP process from the beginning by broadcasting a DHCPDISCOVER message. Since its lease has expired, it will accept any IP address offered to it. Once it has a new IP address (presumably from a different DHCP server) it will once again be able to use the network. However, since its IP address has changed, any ongoing connections will be broken.

IPv6 networks

[edit]

The basic methodology of DHCP was developed for networks based on Internet Protocol version 4 (IPv4). Since the development and deployment of IPv6 networks, DHCP has also been used for assigning parameters in such networks, despite the inherent features of IPv6 for stateless address autoconfiguration. The IPv6 version of the protocol is designated as DHCPv6.[30]

Security

[edit]
See also: DHCP snooping

The base DHCP does not include any mechanism for authentication.[20]: §7  Because of this, it is vulnerable to a variety of attacks. These attacks fall into three main categories:[1]: sec. 7 

  • Unauthorized DHCP servers providing false information to clients.
  • Unauthorized clients gaining access to resources.
  • Resource exhaustion attacks from malicious DHCP clients.

Because the client has no way to validate the identity of a DHCP server, unauthorized DHCP servers (commonly called "rogue DHCP") can be operated on networks, providing incorrect information to DHCP clients.[31] This can serve either as a denial-of-service attack, preventing the client from gaining access to network connectivity,[32] or as a man-in-the-middle attack.[33] Because the DHCP server provides the DHCP client with server IP addresses, such as the IP address of one or more DNS servers,[1]: sec. 7  an attacker can convince a DHCP client to do its DNS lookups through its own DNS server, and can therefore provide its own answers to DNS queries from the client.[34] This in turn allows the attacker to redirect network traffic through itself, allowing it to eavesdrop on connections between the client and network servers it contacts, or to simply replace those network servers with its own.[34]

Because the DHCP server has no secure mechanism for authenticating the client, clients can gain unauthorized access to IP addresses by presenting credentials, such as client identifiers, that belong to other DHCP clients.[31] This also allows DHCP clients to exhaust the DHCP server's store of IP addresses—by presenting new credentials each time it asks for an address, the client can consume all the available IP addresses on a particular network link, preventing other DHCP clients from getting service.[31]

DHCP does provide some mechanisms for mitigating these problems. The Relay Agent Information Option protocol extension[20] (usually referred to in the industry by its actual number as Option 82[35][36]) allows network operators to attach tags to DHCP messages as these messages arrive on the network operator's trusted network. This tag is then used as an authorization token to control the client's access to network resources. Because the client has no access to the network upstream of the relay agent, the lack of authentication does not prevent the DHCP server operator from relying on the authorization token.[20]: sec. 7 

Another extension, Authentication for DHCP Messages[37] (RFC 3118), provides a mechanism for authenticating DHCP messages. As of 2002, this extension had not seen widespread adoption because of the problems of managing keys for large numbers of DHCP clients.[38] A 2007 book about DSL technologies remarked that:

[T]here were numerous security vulnerabilities identified against the security measures proposed by RFC 3118. This fact, combined with the introduction of 802.1X, slowed the deployment and take-rate of authenticated DHCP, and it has never been widely deployed.[39]

A 2010 book notes that:

[T]here have been very few implementations of DHCP Authentication. The challenges of key management and processing delays due to hash computation have been deemed too heavy a price to pay for the perceived benefits.[40]

Architectural proposals from 2008 involve authenticating DHCP requests using 802.1X or PANA (both of which transport EAP).[41] An IETF proposal was made for including EAP in DHCP itself, the so-called EAPoDHCP;[42] this does not appear to have progressed beyond IETF draft level, the last of which dates to 2010.[43]

IETF standards documents

[edit]
  • RFC 2131 – "Dynamic Host Configuration Protocol,"[1] Draft Standard.
  • RFC 2132 – "DHCP Options and BOOTP Vendor Extensions,"[13] Draft Standard.
  • RFC 3046 – "DHCP Relay Agent Information Option,"[20] Proposed Standard.
  • RFC 3203 – "DHCP reconfigure extension,"[14] Proposed Standard.
  • RFC 3397 – "Dynamic Host Configuration Protocol (DHCP) Domain Search Option,"[24] Proposed Standard.
  • RFC 3442 – "The Classless Static Route Option for Dynamic Host Configuration Protocol (DHCP) version 4,"[25] Proposed Standard.
  • RFC 3942 – "Reclassifying Dynamic Host Configuration Protocol version 4 (DHCPv4) Options,"[44] Proposed Standard.
  • RFC 4361 – "Node-specific Client Identifiers for Dynamic Host Configuration Protocol Version Four (DHCPv4),"[45] Proposed Standard.
  • RFC 4388 – "Dynamic Host Configuration Protocol (DHCP) Leasequery,"[15] Proposed Standard.
  • RFC 4436 – "Detecting Network Attachment in IPv4 (DNAv4),"[46] Proposed Standard.
  • RFC 6926 – "DHCPv4 Bulk Leasequery,"[16] Proposed Standard.
  • RFC 7724 – "Active DHCPv4 Lease Query,"[17] Proposed Standard.
  • RFC 8415 – "Dynamic Host Configuration Protocol for IPv6 (DHCPv6),"[9] Proposed Standard.

See also

[edit]

Notes

[edit]

References

[edit]
[edit]
Revisions and contributorsEdit on WikipediaRead on Wikipedia

Dynamic Host Configuration Protocol

View on Grokipedia
from Grokipedia
The Dynamic Host Configuration Protocol (DHCP) is a client-server protocol that enables automatic assignment of IP addresses and other network configuration parameters, such as subnet masks, default gateways, and DNS server addresses, to devices on (IP) networks, thereby simplifying network administration and reducing manual configuration errors. Developed as an extension of the earlier (BOOTP), DHCP introduces dynamic address allocation with times to efficiently reuse IP addresses in large or changing networks. Standardized in RFC 2131 by the (IETF) in March 1997, it operates primarily over IPv4 networks using UDP port 67 for servers and port 68 for clients, with a broadcast-based discovery mechanism where clients send DHCPDISCOVER messages to locate available servers. DHCP supports three allocation modes: (permanent assignment), dynamic (temporary ), and manual (pre-assigned addresses delivered via the protocol), allowing flexibility for different network environments from small offices to enterprise-scale deployments. The protocol's message exchange typically follows a four-step DORA process—DHCPDISCOVER (client broadcast), OFFER (server proposal with IP and options), REQUEST (client selection and confirmation), and ACKNOWLEDGMENT (server approval)—ensuring reliable configuration delivery while supporting agents for traversal. Configuration options are encoded in variable-length fields, enabling extensibility for parameters like duration, which is locally configured by the server if not specified by the client, and vendor-specific information, with over 50 standardized options defined across related RFCs. Originally built on BOOTP's message format for (as per RFC 951 from 1985), DHCP is widely used in modern TCP/IP networks. It is commonly employed in home networks, enterprise LANs, public Wi-Fi, ISP access networks, and by many end-user devices such as personal computers, smartphones, and IoT devices during network connection. However, DHCP is not used universally; devices with static IP configurations, such as many servers or in special setups where dynamic allocation is unnecessary, do not utilize DHCP. For IPv6 networks, an adapted version known as —detailed in RFC 8415 (November 2018, obsoleting RFC 3315 from 2003)—provides similar functionality but accounts for 's larger address space and stateless autoconfiguration alternatives, using UDP ports 547 (server) and 546 (client) and supporting both stateful address assignment and stateless parameter distribution. This evolution ensures DHCP's relevance in transitioning to and operating infrastructures, where it coexists with mechanisms like Router Advertisements for hybrid configuration scenarios. Overall, DHCP's design emphasizes , considerations (such as options in later extensions), and , making it a foundational element of IP networking since its initial RFC 1531 definition in 1993.

Overview

Purpose and Core Functionality

The Dynamic Host Configuration Protocol (DHCP) is a protocol used on (IP) networks whereby devices, known as clients, automatically obtain IP addresses and other configuration parameters from a centralized DHCP server. This client-server model enables hosts to configure themselves dynamically upon connecting to a network, eliminating the need for manual intervention in assigning network identifiers and settings. DHCP addresses the challenges of manual configuration by automating the process, thereby reducing the risk of human errors such as IP address conflicts or incorrect subnet masks that can disrupt network operations. It is particularly suited to dynamic environments, including large-scale enterprise networks and scenarios involving mobile devices that frequently join and leave the network, as it allows for seamless reconfiguration without administrative overhead. Key benefits of DHCP include enhanced scalability, which supports the management of numerous devices across multiple subnets through relay agents that forward requests without requiring a server on every segment; centralized administration, where a single server handles configurations for diverse network segments to simplify updates and maintenance; and the use of temporary leased addresses, which promote efficient reuse of the limited space by reclaiming unused assignments after a defined period. These features make DHCP indispensable for modern TCP/IP networks, where static assignment proved inadequate for handling growth and variability. DHCP was developed in the mid-1990s as an extension of the (BOOTP) to overcome the limitations of static IP assignment, such as administrative burden and inflexibility in expanding networks.

Key Components and Terminology

The Dynamic Host Configuration Protocol (DHCP) relies on distinct roles to facilitate network configuration. A DHCP client is defined as an host that employs DHCP to acquire essential parameters, such as an . The DHCP server serves as the counterpart, an host responsible for assigning and returning these configuration parameters to clients. To support operations across multiple subnets, a DHCP agent—also referred to as a BOOTP agent—acts as an intermediary, forwarding DHCP messages between clients and servers on a local network. Several core terms underpin DHCP functionality. An IP address lease denotes the finite period during which a is allocated to a client, promoting efficient address . The lease duration, a configurable set by the server, determines this timeframe. Key configuration elements provided via leases include the subnet mask, which delineates the network and host portions of an IP address per RFC 950. The default gateway identifies preferred routers on the client's for outbound traffic. Additionally, DNS server addresses supply IP locations of domain name servers, ordered by preference, to enable hostname resolution as outlined in RFC 1035. DHCP messages are structured as UDP datagrams to ensure reliable, connectionless transmission. Each message features an opcode (op) field, a single octet specifying the type—1 for BOOTREQUEST (client-initiated) or 2 for BOOTREPLY (server response). The client hardware address (chaddr) field, spanning 16 octets, encodes the client's physical ( for unique identification. A transaction ID (xid), a 4-octet random value generated by the client, associates specific requests with their replies, preventing mismatches in concurrent exchanges. Standardized UDP ports define the communication endpoints in DHCP: port 67 for servers to receive client broadcasts, and port 68 for clients to receive server responses.

History and Development

Origins and Early Specifications

The (BOOTP), defined in RFC 951 and published in September 1985, served as the primary predecessor to DHCP. Developed by Bill Croft of and John Gilmore of , BOOTP was designed to enable diskless workstations to automatically obtain their IP addresses, server addresses, and boot file names over IP networks using UDP, facilitating unattended without local storage. This protocol addressed the needs of early networked environments, particularly for booting devices like terminals and workstations, by supporting relay agents to forward requests across subnets and integrating with file transfer protocols such as TFTP. In the early 1990s, the (IETF) initiated the development of DHCP as an extension to BOOTP to overcome its limitations in scalability and flexibility. The first standard for DHCP was published in RFC 1531 in October 1993, authored by Ralph Droms of , which introduced dynamic leasing and additional configuration parameters while maintaining with BOOTP clients and agents. This evolution was driven by the rapid expansion of the , where the fixed, manual assignment of IP addresses under BOOTP proved unscalable amid growing address scarcity from the proliferation of hosts in enterprise and academic networks. Key motivations included automating host configuration to minimize administrative overhead, enabling temporary and reusable IP allocations to conserve the limited IPv4 address space, and supporting dynamic management across large, subnetted environments without per-host manual setup. Initial adoption of DHCP accelerated in the mid-1990s as it became integrated into major operating systems, marking a shift toward automated network configuration in commercial and enterprise settings. included native DHCP client support in , released in August 1995, which facilitated easier TCP/IP networking for personal computers and contributed to the protocol's widespread use in home and small office environments. In systems, early implementations emerged through efforts like those at and , with DHCP support appearing in distributions such as Solaris by the mid-1990s, enabling seamless integration for server and workstation deployments. By this period, DHCP's reference implementations and standards compliance had positioned it as a foundational element for managing IP resources in the burgeoning era.

Evolution and Major Revisions

The Dynamic Host Configuration Protocol (DHCP) for IPv4 underwent significant standardization in 1997 with the publication of RFC 2131, which defined the protocol's core mechanics and obsoleted the earlier RFC 1531 by providing clarified semantics for message exchanges, , and error handling, while introducing new options for enhanced configuration flexibility. Complementing this, RFC 2132 specified the format and usage of DHCP options and BOOTP vendor extensions, establishing a structured framework for conveying additional parameters such as domain names and vendor-specific data, which remains foundational for option implementation. Subsequent refinements addressed limitations in option handling, notably RFC 3396 in 2002, which introduced encapsulation techniques to support longer options exceeding the 255-byte limit, enabling more complex configurations like embedded sub-options for advanced network services without altering the base protocol structure. These updates ensured while accommodating growing network demands, such as larger payloads for enterprise environments. Adaptation to IPv6 marked a key evolutionary step, with RFC 3315 in 2003 defining to provide address assignment and parameter distribution tailored to 's stateless autoconfiguration, including support for and relay mechanisms distinct from IPv4. This specification was later updated and obsoleted by RFC 8415 in 2018, which clarified ambiguities, removed deprecated features, and elevated to status for improved interoperability in modern deployments. As of 2025, ongoing IETF drafts, such as the RFC 8415 bis revision, continue to refine with minor clarifications on timing parameters and message processing, though no fundamental protocol overhauls have occurred since 2018. In parallel, vendor implementations have incorporated enhanced measures, such as mitigations for vulnerabilities like leaks in DHCP services, exemplified by Infoblox's patches addressing CVE-2022-2929 to prevent service disruptions from malicious traffic, without necessitating core protocol changes.

Protocol Mechanics

Message Exchange Process

The message exchange process in DHCP for initial IP address acquisition follows the DORA sequence: Discover, Offer, Request, and Acknowledge. This process enables a client to obtain an and configuration parameters from a DHCP server without prior knowledge of the server's location. The process begins when a DHCP client broadcasts a DHCPDISCOVER message on its local physical to UDP port 67, using the limited 255.255.255.255 as the destination IP and the broadcast address for the . This message includes a randomly generated 32-bit transaction identifier (xid) to uniquely correlate subsequent replies and the client's hardware address (chaddr) in the fixed portion of the message to identify the requesting device. The broadcast ensures that any available DHCP servers on the receive the , even if the client has no assigned . Upon receiving the DHCPDISCOVER, a DHCP server selects an available from its pool and unicasts a DHCPOFFER message back to the client, using the 255.255.255.255 only if the client has set the BROADCAST bit in the flags field (indicating it cannot receive traffic before configuration). The DHCPOFFER includes the proposed in the 'yiaddr' field, the same xid and chaddr for matching, and configuration parameters such as subnet mask and in the options field. Multiple servers may respond with separate offers, allowing the client to choose. The client then broadcasts a DHCPREQUEST message to UDP port 67, again using 255.255.255.255, to indicate acceptance of a specific offer; this message includes the same xid, the chaddr, the server identifier option specifying the chosen server's IP, and the requested IP address option echoing the 'yiaddr' from the selected offer. Other servers receiving this broadcast discard their pending offers upon seeing a different server identifier. The broadcast nature of the DHCPREQUEST informs all servers of the decision without requiring capabilities from the client. Finally, the selected server responds with a unicast DHCPACK message to the now-configured client IP (or broadcast if necessary), containing the assigned IP in 'yiaddr', the lease duration, the matching xid and chaddr, and the full set of configuration parameters. If the server cannot fulfill the request—such as if the requested IP is invalid for the client's subnet—it instead sends a DHCPNAK message, typically broadcast to 255.255.255.255, prompting the client to restart the discovery process.

Lease Acquisition and Renewal

Following the initial lease acquisition through the standard message exchange, DHCP clients maintain network address connectivity by renewing their leases at predefined intervals to prevent expiration and ensure continuous operation. The lease lifecycle is governed by two key timers, T1 and T2, which trigger renewal attempts to balance server load while maximizing client uptime. At T1, which defaults to 50% of the lease duration, the client transitions to the RENEWING state and sends a unicast DHCPREQUEST message to the original leasing server to extend the . If no DHCPACK response is received by T2, set at 87.5% of the lease duration, the client enters the REBINDING state and broadcasts a DHCPREQUEST to any available server to seek extension or rebinding of its . Upon lease expiration at 100% of the duration without a successful renewal, the client releases the address and returns to the state to initiate a new acquisition. These timers are calculated relative to the lease time provided by the server in the DHCPACK message, with the formulas defined as follows: T1=0.5×lease durationT1 = 0.5 \times \text{lease duration} T2=0.875×lease durationT2 = 0.875 \times \text{lease duration} This design, specified in RFC 2131, uses fractional values to avoid dependency on synchronized clocks between clients and servers while ensuring timely renewals that distribute load across the network without excessive interruptions to client connectivity. For clients that already have a pre-configured but require additional configuration parameters without assigning a new , the DHCPINFORM message is used. The client sends a DHCPINFORM (either or broadcast) with its own IP in the 'ciaddr' field, prompting the server to respond with a DHCPACK containing the requested options but omitting time and 'yiaddr' fields, as no allocation occurs. On the server side, management involves maintaining a database to track assigned IP addresses, their associated clients, expiration times, and hardware addresses for verification. Expired leases are marked for reuse, with servers optionally probing the (e.g., via ICMP Echo Request) before reallocation to confirm availability and prevent conflicts. Upon receiving a DHCPRELEASE from a client, the server immediately marks the as available for reassignment. This database ensures efficient IP resource utilization in dynamic environments.

Address Release and Rebinding

In the Dynamic Host Configuration Protocol (DHCP), clients can explicitly surrender their assigned before the lease expires by transmitting a DHCPRELEASE message directly to the allocating server via . This message identifies the using the client's identifier option or the combination of the client hardware address (chaddr) and the in the ciaddr field, allowing the server to promptly recognize and process the release request. Upon receipt, the server marks the address as unallocated, freeing it for reassignment to other clients and thereby preventing potential conflicts in the network. If the client fails to renew its lease—such as when the initial unicast renewal attempt to the original server at time T1 (typically 50% of the lease duration) does not yield a DHCPACK response—the client transitions to the REBINDING state at time T2 (typically 87.5% of the lease duration). In this state, the client broadcasts a DHCPREQUEST message containing its current IP address in the ciaddr field and the requested IP address option to request extension of its lease from any available DHCP server on the network. Responding servers evaluate the request and, if they accept responsibility for the address, reply with a DHCPACK to confirm the rebinding; otherwise, they may send a DHCPNAK to indicate rejection, prompting the client to seek a new address. The DHCPRELEASE process ensures immediate availability of the IP address upon server receipt, as the server updates its allocation records without delay, though it may retain associated client parameters for potential future reuse. This mechanism, combined with rebinding, maintains network efficiency by minimizing address exhaustion and avoiding duplicate assignments, particularly in environments with dynamic client connectivity.

Configuration Elements

Client Parameters

DHCP servers provide clients with essential network configuration parameters to enable seamless integration into IP networks. The core parameters include the client's , subnet mask, , and time. The is dynamically allocated from a server-managed pool and conveyed in the 'yiaddr' field of the DHCPOFFER or DHCPACK message. The subnet mask, which defines the network portion of the , is specified using a bitmask value in option 1 of the DHCP message. The , essential for routing traffic outside the local subnet, is provided via the router option (option 3), listing one or more IP addresses in order of preference. The time, set in option 51, indicates the duration in seconds for which the assignment is valid, allowing clients to renew before expiration to maintain connectivity. Beyond these fundamentals, DHCP servers commonly supply additional parameters to support broader network services. (DNS) server addresses are delivered through option 6, listing IP addresses of preferred DNS resolvers for hostname resolution. The domain name itself is specified in option 15, enabling clients to append a for unqualified hostnames. For time synchronization, option 42 provides a list of (NTP) server addresses. In environments requiring , such as diskless workstations, option 66 identifies a (TFTP) server name or for retrieving boot files. These parameters are encoded as DHCP options to allow flexible extension. Parameter assignment occurs through server-configured scopes, where addresses and options are selected from predefined pools based on the client's or class. Servers use the gateway IP address (giaddr) from relay agents to identify the client's and allocate accordingly, ensuring addresses align with the local . Client , via the vendor class identifier option, further refines selection by matching device types or user groups to specific pools for tailored configurations. DHCP supports both dynamic and static assignments; while most clients receive temporary addresses from shared pools, reservations enable fixed allocations by mapping a client's (in the chaddr field) or client identifier to a specific IP, guaranteeing consistent addressing for critical devices.

DHCP Options and Encodings

DHCP options provide a flexible mechanism for conveying configuration parameters beyond the fixed fields in DHCP messages, allowing servers to supply clients with additional network settings such as IP addresses for gateways or DNS resolvers. Each option follows a standardized TLV (Type-Length-Value) format: a one-octet code identifying the option type, a one-octet length field specifying the number of data octets to follow (excluding the code and length), and a variable-length value field containing the actual data. The option codes range from 0 to 255, with code 0 designated as the Pad option—a single-octet field used solely for padding to align options on desired boundaries without carrying meaningful data—and code 255 as the End option, a single-octet marker signaling the conclusion of the options list in a message. This structure ensures options can be appended to the 'options' field of DHCP messages or, in some cases, to the 'sname' or 'file' fields when space is limited. The primary option space spans codes 1 through 254, enabling a wide array of parameters to be defined and registered with the (IANA). Among these, option 53 (DHCP Message Type) is mandatory for DHCP operations and carries a one-octet value indicating the message's purpose: 1 for DHCPDISCOVER (client broadcast to locate servers), 2 for DHCPOFFER (server response with proposed configuration), 3 for DHCPREQUEST (client acceptance or renewal request), 4 for DHCPDECLINE (client rejection due to conflict), 5 for DHCPACK (server confirmation), 6 for DHCPNAK (server denial), 7 for DHCPRELEASE (client surrender), and 8 for DHCPINFORM (client query without request). Other commonly used options include code 1 for Mask (a four-octet specifying the client's subnet), code 3 for Router (a list of one or more four-octet es representing default gateways in order of preference), code 6 for Domain Name Server (a list of four-octet es for DNS servers), and code 51 for Lease Time (a four-octet unsigned in seconds indicating the duration of the assigned lease). To illustrate the diversity of options, the following table summarizes these and a few additional representative examples from the standard set defined in RFC 2132:
CodeOption NameValue FormatPurpose
1Subnet Mask4 octets ()Defines the subnet mask for the assigned .
3RouterN × 4 octets (N ≥ 1 )Lists default routers, starting with the preferred one.
6Domain Name ServerN × 4 octets (N ≥ 1 )Specifies DNS servers for resolution.
15Domain NameVariable-length string (1-255 octets)Provides the domain suffix for the client's DNS queries.
51IP Address Lease Time4 octets (unsigned integer)Sets the lease duration in seconds (0xffffffff for infinite).
53DHCP Message Type1 octet (enum: 1-8)Identifies the type of DHCP message being sent.
54DHCP Server Identifier4 octets ()Specifies the of the offering DHCP server.
This selection highlights options that establish core network connectivity and lease management, with full details and additional codes available in the IANA registry. For scenarios requiring more complex or vendor-tailored configurations, certain options support internal encapsulation to nest sub-options, enhancing extensibility without consuming additional top-level codes. Option 43 (Vendor-Specific Information), for instance, carries a variable-length opaque string that vendors interpret at their discretion, but when encoding multiple items, it should use an encapsulated format consisting of a sequence of sub-options—each with its own one-octet sub-code, one-octet sub-length, and variable sub-value—mirroring the syntax of standard DHCP options but without a preceding . Similarly, option 18 (Extensions Path) specifies a variable-length ASCII string path to a file containing further , which may include additional options, though it does not directly nest them in the message. When individual options exceed 255 octets—such as expansive vendor-specific data in option 43—RFC 3396 defines a mechanism to encode them as multiple consecutive instances of the same , each with its portion of the value, split on octet boundaries and reassembled by the recipient in sequential order from the aggregate option buffer. This approach preserves the TLV structure while accommodating larger payloads, ensuring compatibility with the 576-octet minimum DHCP message size requirement from RFC 2131. Clients may request specific options in their messages using option 55 (Parameter Request List), a sequence of one-octet codes indicating desired parameters, though the encoding mechanics remain consistent across requests and responses.

Network Integration

Relay Agents and Forwarding

DHCP relay agents serve as intermediaries that enable communication between DHCP clients and servers located on different network subnets. When a client and server are not on the same physical subnet, the relay agent receives broadcast messages from the client and forwards them to one or more remote DHCP servers. This functionality builds on the BOOTP relay agent concept but is adapted for DHCP's stateful nature, allowing dynamic IP address assignment across subnet boundaries. The forwarding process begins when a DHCP client broadcasts a , such as a DHCPDISCOVER or DHCPREQUEST, to the local (255.255.255.255) using UDP destination port 67. The relay agent, listening on UDP port 67, intercepts this broadcast and converts it into a packet destined for the configured DHCP server(s) on UDP port 67. To facilitate the return path, the relay agent modifies the DHCP by inserting its own into the 'giaddr' (gateway ) field of the BOOTP/DHCP header, indicating the originating . The server then unicasts its response, such as a DHCPOFFER or DHCPACK, back to the relay agent's in the 'giaddr' field; the relay agent subsequently broadcasts or unicasts this response to the client based on the flags and client hardware address. This bidirectional relaying ensures that broadcast traffic does not propagate beyond the local , while preserving the necessary routing information. Relay agents are typically configured with a list of one or more DHCP server IP addresses to which client requests should be forwarded, allowing for load balancing and across multiple servers. This configuration is implemented in network devices like routers or switches using commands such as 'ip helper-address' in , which specifies the server addresses and enables the relaying function on specific interfaces. Support for multiple servers ensures that if one is unavailable, requests can be directed to alternatives, enhancing network reliability. By centralizing DHCP servers in a single location rather than deploying one per , relay agents reduce administrative overhead and hardware requirements. They also limit broadcast to individual subnets, preventing in larger environments and improving overall efficiency. This approach is particularly beneficial in enterprise networks where clients are distributed across multiple VLANs or segments.

Vendor-Specific Extensions

The Dynamic Host Configuration Protocol (DHCP) supports vendor-specific extensions through dedicated options that allow for customized implementations beyond standard configurations. These extensions enable clients and servers from particular vendors to exchange proprietary data, facilitating features such as specialized or network-specific policies. Option 60, known as the Vendor Class Identifier, allows DHCP clients to identify their vendor type and hardware configuration to the server. This option consists of a one-octet (60), a one-octet length field, and a variable-length identifier , which might include details like "MSFT 5.0" for clients. Servers use this information to tailor responses, such as providing vendor-appropriate IP addresses or parameters. Closely related, Option 43 carries Vendor-Specific Information as opaque interpreted only by vendor-specific . Its format includes a one-octet (43), a one-octet length, and variable data that can encapsulate sub-options with their own -length-value structures, ending with a 255 terminator. This option is commonly used for proprietary features, such as delivering boot server details in (PXE) scenarios. The vendor is typically identified via Option 60 to ensure targeted delivery. Option 82, the Relay Agent Information option, provides sub-options for relay agents to insert data about the client's network position. Relay agents add this option to the end of client-to-server packets, including sub-option 1 () as a local identifier like a number for replies, and sub-option 2 (Remote ID) as a unique host identifier such as a ID for policy application. The overall format features a one-octet (82), a length field, and concatenated sub-options in code-length-value tuples. This extension aids in tracking client locations within , with relay agents removing it before forwarding server responses. Other notable extensions include Option 81, the Client (FQDN), which enables negotiation between clients and servers for DNS resource record updates. This option's structure comprises a one-octet code (81), length, flags (for update responsibilities like server vs. client A record updates), return codes, and the domain name itself. Additionally, Option 93 specifies the Client System Architecture Type, primarily for PXE clients to indicate their pre-boot environment, such as Intel x86 PC (type 0) or EFI (type 6). It uses a one-octet code (93), length (even number of octets), and 16-bit architecture identifiers to help servers select appropriate bootstrap images. These extensions collectively allow for flexible, vendor-tailored DHCP deployments while maintaining .

Client Lifecycle

State Transitions

The DHCP client behavior is governed by a finite state machine that ensures orderly acquisition, maintenance, and release of network configuration parameters, preventing address conflicts during network changes or reboots. This state machine, illustrated in Figure 5 of the specification, defines eight primary states and the events triggering transitions between them, driven primarily by message exchanges and lease timers. The standard states per RFC 2131 are as follows:
  • INIT: The client enters this initial state upon startup or when no valid lease exists; it broadcasts a DHCPDISCOVER message to locate available DHCP servers on the network.
  • SELECTING: Upon receiving one or more DHCPOFFER messages, the client transitions here, evaluates the offers, selects a preferred server, and broadcasts a DHCPREQUEST message indicating its choice.
  • REQUESTING: The client moves to this state after sending the DHCPREQUEST, awaiting a DHCPACK from the selected server to confirm the lease; if a DHCPNAK is received or the address proves unusable, it returns to INIT.
  • BOUND: Once the DHCPACK is received, the client configures its interface with the assigned parameters and enters this state, where the lease is active; it remains here until the renewal timer T1 expires.
  • RENEWING: At T1 (typically 50% of the lease duration), the client unicasts a DHCPREQUEST to the leasing server to extend the lease; a successful DHCPACK returns it to BOUND, while failure leads to REBINDING at T2.
  • REBINDING: If renewal fails, at T2 (typically 87.5% of the lease duration) the client broadcasts a DHCPREQUEST to any available server; success returns it to BOUND, but lease expiration reverts it to INIT.
  • INIT-REBOOT: Clients rebooting with a previously assigned address (e.g., from non-volatile storage) start here, broadcasting or unicasting a DHCPREQUEST to verify the address's validity, then transitioning to REBOOTING to await response; a DHCPACK confirms transition to BOUND, while a DHCPNAK sends it to INIT.
  • REBOOTING: Entered after sending DHCPREQUEST from INIT-REBOOT; the client awaits a DHCPACK (transition to BOUND) or DHCPNAK (to INIT) to verify the previously assigned address.
Key transitions in the normal flow include: to SELECTING upon sending DHCPDISCOVER and receiving offers; SELECTING to REQUESTING on DHCPREQUEST transmission; REQUESTING to BOUND on DHCPACK receipt; BOUND to RENEWING at T1 expiration; RENEWING to REBINDING at T2 if no response; and REBINDING to upon expiry. These transitions incorporate retransmission logic and in timers to avoid among clients. The overall flow emphasizes sequential progression to minimize disruptions, such as verifying addresses before use in INIT-REBOOT to avoid conflicts on changes.

Error Handling and Reliability

DHCP clients implement retransmission mechanisms to handle potential over UDP, employing an strategy to avoid . For initial DHCPDISCOVER messages, clients wait a randomized delay of 4 seconds (±1 second) before the first retransmission, doubling the interval for subsequent attempts (8, 16, 32, and up to 64 seconds maximum) for a total of typically four retries. Similar backoff applies to DHCPREQUEST messages in states like or REBOOTING, ensuring persistent attempts until a response is received or a timeout occurs. To prevent IP address conflicts, clients perform duplicate address detection (DAD) using ARP probes before accepting an offered address from a DHCP server. Upon receiving a DHCPACK, the client broadcasts ARP requests to check if the IP is already in use on the local network; if a response indicates duplication, the client sends a DHCPDECLINE message to the server and restarts the discovery process. This verification step enhances reliability by avoiding assignment of duplicate addresses, which could disrupt network operations. Server failover protocols enable through active/backup server pairs that synchronize databases in real-time, mitigating single points of failure. In hot standby mode, the backup server monitors the active server and assumes responsibility upon detecting failure, issuing temporary for a maximum client (MCLT) to maintain service continuity without immediate reconfiguration. updates are exchanged via a dedicated protocol over TCP port 647, ensuring both servers maintain consistent state information for quick switchover, often within seconds. The inherent unreliability of UDP transport in DHCP is addressed through idempotent message designs and transaction ID (xid) matching, allowing safe retransmissions without duplicate effects. Clients select unique xids for each request, discarding any incoming messages with mismatched xids to ignore out-of-order or erroneous responses. Broadcast-based requests further improve delivery odds in pre-configured environments, while servers process repeated client messages atomically based on existing lease states, preventing unintended modifications.

IPv6 Adaptation

DHCPv6 Fundamentals

DHCPv6 serves as the IPv6 adaptation of the Dynamic Host Configuration Protocol, enabling automated configuration of network parameters for nodes, including addresses, prefixes, and other settings. Defined in RFC 8415, it operates over UDP and supports both stateless and stateful modes to accommodate diverse network needs. In stateless mode, delivers configuration information such as DNS server addresses without assigning addresses or prefixes, allowing clients to rely on Stateless Address Autoconfiguration (SLAAC) for address generation while obtaining supplementary parameters via an Information-request/Reply exchange. Conversely, stateful mode provides full address and prefix assignment with associated lifetimes, using a four-message sequence to ensure dynamic allocation and management. This dual-mode approach integrates seamlessly with SLAAC, where clients can combine autoconfigured addresses with -provided options for comprehensive setup. The core DHCPv6 message exchange begins with server discovery, where clients multicast a Solicit message to the All_DHCP_Relay_Agents_and_Servers address (ff02::1:2 on link-local scope) using UDP 546 to locate available servers. Servers respond with or Advertise messages from UDP 547, announcing their availability and configuration capabilities, often to the same address. The client then selects a server and sends a or Request message via 546 to confirm its choice and request specific parameters. Finally, the server delivers the configuration in a Reply message via 547, which may be directly to the client or forwarded through relay agents. These messages facilitate rapid, reliable setup in both stateful and stateless contexts, with Solicit and Advertise leveraging for efficiency in server-poor environments. DHCPv6 employs extensible options to convey configuration data, replacing the IPv4 hardware field with a DHCP (DUID) for stable client and server identification across reboots. Key options include the Identity Association for Non-temporary Addresses (IA_NA), which requests and binds one or more non-temporary addresses with preferred and valid lifetimes; and the Identity Association for Temporary Addresses (IA_TA), used for privacy-enhanced temporary addresses without long-term state (IA_TA is specified in RFC 8415 but removed in the pending bis revision). DUIDs, formatted as variable-length identifiers (e.g., DUID-LLT combining link-layer type, time, and ), ensure uniqueness and are included in all messages for association. Note that while RFC 8415 (2018) provides the current specification as a Proposed Standard, a bis revision (draft-ietf-dhc-rfc8415bis-12, approved by the IESG in 2025) is in the RFC Editor's queue for publication as an . It incorporates errata and clarifications, and removes features such as IA_TA.

Key Differences from IPv4 DHCP

DHCPv6 is designed to operate within the protocol suite, introducing several fundamental adaptations compared to IPv4 DHCP to accommodate the expanded and architectural changes of . One primary difference lies in addressing: while IPv4 DHCP assigns 32-bit addresses along with subnet masks, DHCPv6 manages 128-bit addresses without subnet masks, relying instead on Router Advertisements from routers to convey prefix information for configuration. Additionally, DHCPv6 supports through Identity Association for Prefix Delegation (IA_PD), enabling routers to obtain prefixes for subnetworks, a capability absent in IPv4 DHCP. In terms of communication, DHCPv6 eschews IPv4 DHCP's broadcast mechanism, which floods the local network segment, in favor of multicast transmission to specific IPv6 addresses, such as All_DHCP_Relay_Agents_and_Servers (ff02::1:2) for link-local scope. This multicast approach aligns with IPv6's emphasis on efficient, scoped delivery and avoids the inefficiencies of broadcasts in larger address spaces. Client identification also diverges significantly; IPv4 DHCP uses the client's link-layer (MAC) address, whereas DHCPv6 employs a DHCP Unique Identifier (DUID), which can be based on link-layer address plus time, an enterprise number, or other stable values, providing greater flexibility and persistence across interface changes. The lease management model in DHCPv6 separates client identity from address allocation through Identity Associations (IAs), such as IA_NA for non-temporary addresses or IA_TA for temporary ones, allowing addresses to be renewed or rebound independently of the client's core identity. In DHCPv6, clients initiate renewals using Renew and Rebind messages based on T1 and T2 timers, similar to IPv4. Servers can additionally send a unicast Reconfigure message to prompt the client to renew its configuration or request information, providing a server-initiated mechanism absent in IPv4 DHCP. Furthermore, DHCPv6 introduces a stateless configuration mode, where clients use Stateless Address Autoconfiguration (SLAAC) for addresses but query DHCPv6 solely for non-address parameters like DNS server addresses, optimizing for environments where address autoconfiguration suffices.

Security Aspects

Common Vulnerabilities

One prominent vulnerability in DHCP is the rogue server attack, where an unauthorized DHCP server is deployed on the network to respond to client DHCPDISCOVER messages before the legitimate server. This allows the attacker to provide falsified network configurations, such as incorrect default gateways or DNS servers, enabling man-in-the-middle interception of traffic or redirection to malicious endpoints. Clients, by design, accept the first valid DHCPOFFER received, amplifying the risk in broadcast environments without . DHCP starvation attacks exploit the protocol's IP address allocation mechanism by flooding the server with spoofed DHCPDISCOVER requests using fabricated MAC addresses. This rapidly depletes the available IP pool, denying service to legitimate clients unable to obtain addresses and causing widespread network outages. The attack is particularly effective against servers with small lease scopes, as each bogus request can secure a lease without further interaction. Abuse of DHCP Option 82, which allows agents to insert circuit-specific information into requests, introduces risks when a compromised or malicious inserts falsified . Such insertions can enable unauthorized tracking of client locations via remote ID fields or redirection of assignments based on manipulated circuit IDs, undermining network isolation. While primarily a agent concern as discussed in forwarding, improper validation of Option 82 by servers has led to denial-of-service conditions from crafted packets. In June 2025, security updates for (KB5060526 and related) introduced a regression causing the DHCP service to intermittently freeze, preventing renewals and exposing systems to effective denial-of-service disruptions. This issue affected multiple versions, including Server 2019 and 2022, with clients unable to refresh leases until service restart. resolved the regression in subsequent security updates released on July 8, 2025 (e.g., KB5062572). Concurrently, CVE-2025-33050 highlighted a distinct DoS in the DHCP server service, exploitable via malformed requests to crash the process. In August 2025, CVE-2025-40779 was disclosed in the ISC DHCP server (versions 2.6.0 to 2.8.2), a widely used open-source implementation. This allows a by causing the server to crash when processing DHCPv4 requests from clients including specific malformed options that fail matching. Affected servers require restart to recover, potentially disrupting network services.

Mitigation Strategies

To mitigate risks in DHCP deployments, network administrators can implement a combination of switch-level protections, protocol mechanisms, and operational best practices that validate messages, restrict access, and enhance resilience without relying solely on endpoint configurations. These strategies address threats such as rogue servers and exhaustion by enforcing trust boundaries and integrity checks at multiple layers. DHCP snooping serves as a foundational Layer 2 feature on Ethernet switches, acting as a firewall to monitor, filter, and validate DHCP traffic between untrusted hosts and servers. It classifies switch ports as trusted (connected to legitimate DHCP servers or upstream devices) or untrusted (connected to end-user devices, the default), forwarding only valid messages on untrusted ports while dropping unauthorized ones, such as DHCPOFFER or DHCPACK packets originating from untrusted interfaces. By building and maintaining a binding database of client MAC addresses, assigned IP addresses, lease durations, VLANs, and interface details, the mechanism ensures that subsequent messages like DHCPRELEASE or DHCPDECLINE match these bindings before . Additionally, rate-limiting configurable up to 2048 packets per second (with a recommended limit of 100 or fewer on untrusted ports) prevents denial-of-service attacks from excessive DHCP requests. This approach effectively blocks servers and IP spoofing attempts. For authenticating DHCP servers and ensuring trusted exchanges, implementations can leverage to encrypt and integrity-protect communications between relay agents and servers, providing , replay protection, and as specified in RFC 8213. Complementing this, RFC 3118 defines authentication sub-options within DHCP option 90, including a configuration token for basic entity authentication (protocol 0) and delayed authentication using HMAC-MD5 with shared secrets for both message and entity integrity (protocol 1), along with replay detection methods like timestamps or sequence numbers. These options allow clients and servers to verify identities during address allocation and renewals, mitigating man-in-the-middle attacks. However, adoption of RFC 3118 remains limited due to scalability challenges in and to denial-of-service without robust key agreement protocols. Port security and further strengthen DHCP environments by controlling physical and logical access at the switch port level. restricts the number of MAC addresses allowed per port (typically to one or a small set of authorized devices), dynamically learning and binding them to prevent unauthorized devices from injecting DHCP traffic or exhausting address pools. , the standard for port-based network access control, requires supplicants (clients) to authenticate via an (switch) against an authentication server (e.g., ) before granting network access, effectively tying DHCP eligibility to verified credentials and blocking unauthenticated ports from processing any traffic, including broadcasts. When combined with dynamic ARP inspection (), which intercepts and validates ARP packets on untrusted ports against the DHCP snooping binding database, these measures prevent that could redirect DHCP responses; invalid ARP requests or replies are dropped and logged, ensuring IP-MAC mappings remain consistent with legitimate leases. Enabling is prerequisite for DAI in dynamic environments to populate the necessary bindings. Operational best practices emphasize isolating DHCP servers in dedicated VLANs or subnets to limit lateral movement by and reduce exposure to broadcast domains, applying lists to restrict management traffic to authorized IPs only. Continuous monitoring of server logs for anomalies, such as unusual request volumes or failed authentications, enables early detection of attacks, with logs forwarded to centralized, redundant servers at an informational level for analysis. For , configurations between primary and secondary DHCP servers synchronize lease databases and security policies (e.g., shared secrets or ACLs) to maintain consistent protection during failures, ensuring that address allocation remains secure and uninterrupted.

References

  1. https://datatracker.ietf.org/doc/html/rfc2131
  2. https://datatracker.ietf.org/doc/html/rfc951
  3. https://datatracker.ietf.org/doc/html/rfc8415
  4. https://datatracker.ietf.org/doc/html/rfc1531
  5. https://www.rfc-editor.org/rfc/rfc2131.html
  6. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_dhcp/configuration/15-sy/dhcp-15-sy-book/dhcp_overview.html
  7. https://datatracker.ietf.org/doc/html/rfc2131#section-1.5
  8. https://datatracker.ietf.org/doc/html/rfc2131#section-2.2
  9. https://datatracker.ietf.org/doc/html/rfc2132#section-3.1
  10. https://datatracker.ietf.org/doc/html/rfc2132#section-3.3
  11. https://datatracker.ietf.org/doc/html/rfc2132#section-3.6
  12. https://datatracker.ietf.org/doc/html/rfc2131#section-2.1
  13. https://datatracker.ietf.org/doc/html/rfc2131#section-4.1
  14. https://datatracker.ietf.org/doc/rfc951/
  15. https://datatracker.ietf.org/doc/rfc1531/
  16. https://www.isc.org/dhcphistory/
  17. https://learn.microsoft.com/en-us/windows-server/troubleshoot/dynamic-host-configuration-protocol-basics
  18. https://www.ietf.org/rfc/rfc2131.txt
  19. https://www.ietf.org/rfc/rfc2132.txt
  20. https://datatracker.ietf.org/doc/html/rfc3396
  21. https://datatracker.ietf.org/doc/html/rfc3315
  22. https://www.rfc-editor.org/info/rfc8415
  23. https://community.infoblox.com/kb/articles/24672-infoblox-nios-product-is-vulnerable-to-cve-2022-2928-and-cve-2022-2929
  24. https://datatracker.ietf.org/doc/html/rfc2131#section-4.4.5
  25. https://datatracker.ietf.org/doc/html/rfc2131#section-3.4
  26. https://datatracker.ietf.org/doc/html/rfc2131#section-4.3.4
  27. https://datatracker.ietf.org/doc/html/rfc2131#section-4
  28. https://datatracker.ietf.org/doc/html/rfc2131#section-4.4.6
  29. https://datatracker.ietf.org/doc/html/rfc2131#section-3.1
  30. https://datatracker.ietf.org/doc/html/rfc2131#section-4.3.2
  31. https://www.rfc-editor.org/rfc/rfc2132.html
  32. https://datatracker.ietf.org/doc/html/rfc2132
  33. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_dhcp/configuration/xe-16/dhcp-xe-16-book/dhcp-relay-agent-xe.html
  34. https://datatracker.ietf.org/doc/html/rfc3046
  35. https://datatracker.ietf.org/doc/html/rfc4702
  36. https://datatracker.ietf.org/doc/html/rfc4578
  37. https://www.rfc-editor.org/rfc/rfc2131.txt
  38. https://datatracker.ietf.org/doc/html/rfc2131#section-4.4.1
  39. https://datatracker.ietf.org/doc/html/rfc2131#section-3.2
  40. https://kb.isc.org/docs/isc-dhcp-44-manual-pages-dhcpdconf
  41. https://learn.microsoft.com/en-us/windows-server/networking/technologies/dhcp/dhcp-failover
  42. https://datatracker.ietf.org/doc/html/rfc2131#section-2
  43. https://datatracker.ietf.org/doc/html/rfc8415#section-6.1
  44. https://datatracker.ietf.org/doc/html/rfc8415#section-6.2
  45. https://datatracker.ietf.org/doc/html/rfc8415#section-6
  46. https://datatracker.ietf.org/doc/html/rfc8415#section-5.2
  47. https://datatracker.ietf.org/doc/html/rfc8415#section-18.3.1
  48. https://datatracker.ietf.org/doc/html/rfc8415#section-18.2.2
  49. https://datatracker.ietf.org/doc/html/rfc8415#section-18.3.10
  50. https://datatracker.ietf.org/doc/html/rfc8415#section-14
  51. https://datatracker.ietf.org/doc/html/rfc8415#section-11
  52. https://datatracker.ietf.org/doc/html/rfc8415#section-21.4
  53. https://datatracker.ietf.org/doc/html/rfc8415#section-21.5
  54. https://datatracker.ietf.org/doc/draft-ietf-dhc-rfc8415bis/
  55. https://datatracker.ietf.org/doc/html/rfc8415#section-21.3
  56. https://datatracker.ietf.org/doc/html/rfc8415#section-6.3
  57. https://datatracker.ietf.org/doc/html/rfc8415#section-13.3
  58. https://datatracker.ietf.org/doc/html/rfc8415#section-7.1
  59. https://datatracker.ietf.org/doc/html/rfc8415#section-9
  60. https://datatracker.ietf.org/doc/html/rfc8415#section-12
  61. https://datatracker.ietf.org/doc/html/rfc8415#section-18.2.9
  62. https://datatracker.ietf.org/doc/html/rfc8415#section-18.2.6
  63. https://attack.mitre.org/techniques/T1557/003/
  64. https://www.h3c.com/en/Support/Resource_Center/EN/Home/Public/00-Public/Technical_Documents/Technology_Literature/Technology_White_Papers/H3C_WP-18582/
  65. https://ieeexplore.ieee.org/document/7413661
  66. https://nvd.nist.gov/vuln/detail/CVE-2018-0174
  67. https://learn.microsoft.com/en-us/answers/questions/2284323/about-kb5060526-dhcp-issue
  68. https://www.thezdi.com/blog/2025/6/10/the-june-2025-security-update-review
  69. https://kb.isc.org/docs/cve-2025-40779
  70. https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_55_se/configuration/guide/scg_2960/swdhcp82.html
  71. https://datatracker.ietf.org/doc/html/rfc8213
  72. https://datatracker.ietf.org/doc/html/rfc3118
  73. https://www.cisco.com/en/US/docs/switches/lan/catalyst3850/software/release/3.2_0_se/multibook/configuration_guide/b_consolidated_config_guide_3850_chapter_0110111.pdf
  74. https://media.defense.gov/2022/Jun/15/2003018261/-1/-1/0/CTR_NSA_NETWORK_INFRASTRUCTURE_SECURITY_GUIDE_20220615.PDF
Add your contribution
Related Hubs
User Avatar
No comments yet.