Configuring a DHCP Server

You can configure a DHCP server using the configuration file /etc/dhcpd.conf.

DHCP also uses the file /var/lib/dhcp/dhcpd.leases to store the client lease database. Refer to the section called Lease Database for more information.

Configuration File

The first step in configuring a DHCP server is to create the configuration file that stores the network information for the clients. Global options can be declared for all clients, or options can be declared for each client system.

The configuration file can contain any extra tabs or blank lines for easier formatting. The keywords are case-insensitive, and lines beginning with a hash mark (#) are considered comments.

There are two types of statements in the configuration file:

Some parameters must start with the option keyword. Options configure DHCP options; whereas, parameters configure values that are not optional or control how the DHCP server behaves.

ImportantImportant
 

If you change the configuration file, the changes will not take effect until you restart the DHCP daemon with the command service dhcpd restart.

Parameters (including options) declared before a section enclosed in curly brackets ({ }) are considered global parameters. Global parameters apply to all the sections below it.

In Figure 12-1, the routers, subnet-mask, domain-name, domain-name-servers, and time-offset options are used for both the apex and raleigh host statements.

As shown in Figure 12-1, you can declare a subnet. You must include a subnet declaration for every subnet in your network. If you do not, the DHCP server will fail to start.

In this example, there are global options for every DHCP client in the subnet and a range declared. Clients are assigned an IP address within the range.

subnet 192.168.1.0 netmask 255.255.255.0 {
        option routers                  192.168.1.254;
        option subnet-mask              255.255.255.0;

        option domain-name              "example.com";
        option domain-name-servers       192.168.1.1;

        option time-offset              -5;     # Eastern Standard Time

	range 192.168.1.10 192.168.1.100;
}

Figure 12-1. Example of a subnet declaration

All subnets that share the same physical network should be declared within a shared-network declaration as shown in Figure 12-2. Parameters within the shared-network but outside the enclosed subnet declarations are considered global parameters. The name of the shared-network should be a descriptive title for the network such as test-lab to describe all the subnets in a test lab environment.

shared-network name {
    option domain-name              "test.redhat.com";
    option domain-name-servers      ns1.redhat.com, ns2.redhat.com;
    option routers                  192.168.1.254;
    more parameters for EXAMPLE shared-network
    subnet 192.168.1.0 netmask 255.255.255.0 {
        parameters for subnet
        range 192.168.1.1 192.168.1.31;
    }
    subnet 192.168.1.32 netmask 255.255.255.0 {
        parameters for subnet
        range 192.168.1.33 192.168.1.63;
    }
}

Figure 12-2. Example of a shared-network declaration

As demonstrated in Figure 12-3, the group declaration can be used to apply global parameters to a group of declarations. You can group shared networks, subnets, hosts, or other groups.

group {
   option routers                  192.168.1.254;
   option subnet-mask              255.255.255.0;

   option domain-name              "example.com";
   option domain-name-servers       192.168.1.1;

   option time-offset              -5;     # Eastern Standard Time

   host apex {
      option host-name "apex.example.com";
      hardware ethernet 00:A0:78:8E:9E:AA; 
      fixed-address 192.168.1.4;
   }

   host raleigh {
      option host-name "raleigh.example.com";
      hardware ethernet 00:A1:DD:74:C3:F2;
      fixed-address 192.168.1.6;
   }
}

Figure 12-3. Example of a group declaration

To configure a DHCP server that leases dynamic IP address to system within a subnet, modify Figure 12-4 with your values. It declares a default lease time, maximum lease time, and network configuration values for the clients. This example assigns IP address in the range 192.168.1.10 and 192.168.1.100 to client systems.

default-lease-time 600;
max-lease-time 7200;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option routers 192.168.1.254;
option domain-name-servers 192.168.1.1, 192.168.1.2;
option domain-name "example.com";

subnet 192.168.1.0 netmask 255.255.255.0 {
   range 192.168.1.10 192.168.1.100;
}

Figure 12-4. Example of the range parameter

To assign an IP address to a client based on the MAC address of the network interface card, use the hardware ethernet parameter within a host declaration. As demonstrated in Figure 12-5, the host apex declaration specifies that the network interface card with the MAC address 00:A0:78:8E:9E:AA should always been leased the IP address 192.168.1.4.

Notice that you can also use the optional parameter host-name to assign a host name to the client.

host apex {
   option host-name "apex.example.com";
   hardware ethernet 00:A0:78:8E:9E:AA; 
   fixed-address 192.168.1.4;
}

Figure 12-5. Example of a static IP address using DHCP

TipTip
 

You can use the sample configuration file in Red Hat Linux 7.2 as a starting point and then add your own custom configuration options to it. Copy it to its proper location with the command
cp /usr/share/doc/dhcp-<version-number>/dhcpd.conf.sample /etc/dhcpd.conf
(where <version-number> is the DHCP version you are using).

For a complete list of option statements and what they do, refer to the dhcp-options man page.

Lease Database

On the DHCP server, the file /var/lib/dhcp/dhcpd.leases stores the DHCP client lease database. This file should not be modified by hand. DHCP lease information for each recently assigned IP address is automatically stored in the lease database. The information includes the length of the lease, to whom the IP address has been assigned, the start and end dates for the lease, and the MAC address of the network interface card that was used to retreive the lease.

All times in the lease database are in Greenwich Mean Time (GMT), not local time.

The first time you start the DHCP service, it will fail unless the lease database exists. Use the command touch /var/lib/dhcpd.leases to create the file before starting the server for the first time. Once the file exists and the server has been started, do not try to create a new lease database file.

The lease database is recreated from time to time so that it is not too large. First, all known leases are saved in a temporary lease database. The dhcpd.leases file is renamed dhcpd.leases~, and the temporary lease database is written to dhcpd.leases.

The DHCP daemon could be killed or the system could crash after the lease database has been renamed to the backup file but before the new file has been written. If this happens, there is no dhcpd.leases file that is required to start the service. Do not create a new lease file if this occurs. If you do, all the old leases will be lost and cause many problems. The correct solution is to rename the dhcpd.leases~ backup file to dhcpd.leases and then start the daemon.

Starting and Stopping the Server

ImportantImportant
 

Before you start the DHCP server for the first time, it will fail unless there is an existing dhcpd.leases file. Use the command touch /var/lib/dhcp/dhcpd.leases to create the file before starting the service for the first time (and the first time only). Once the file exists, you do not have to perform this step again.

To start the DHCP service, use the command /sbin/service dhcpd start. To stop the DHCP server, use the command /sbin/service dhcpd stop. If you want the daemon to start automatically at boot time, see Chapter 8 for information on how to manage services.

If you have more than more network interface attached to the system, but you only want the DHCP server to start on one of the interface, you can modify the init script to start only on that device. In the init script located at /etc/rc.d/init.d/dhcpd, there is a section that declares what happens when you try to start the service:

start() {
        # Start daemons.
        echo -n "Starting dhcpd: "
        daemon /usr/sbin/dhcpd
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/dhcpd
        return $RETVAL
}

Modify the line that starts the daemon to include the ethernet device on which you want the DHCP server to run:

daemon /usr/sbin/dhcpd eth0

This is useful if you have a firewall machine with two network cards. One network card can be configured as a DHCP client to retreive an IP address to the Internet. The other network card can be used as a DHCP server for the internal network behind the firewall.

DHCP Relay Agent

The DHCP Relay Agent (dhcrelay) allows you to relay DHCP and BOOTP requests from a subnet with no DHCP server on it to a one or more DHCP servers on other subnets.

When a DHCP client requests information, the DHCP Relay Agent forwards the request to the list of DHCP servers specified when the DHCP Relay Agent is started. When a DHCP server returns a reply, the reply is broadcast or unicast on the network that sent the original request.

To start the DHCP Relay Agent, use the dhcrelay command. It can be started with the following options:

Table 12-1. Graphical Update Agent Options

ArgumentDescription
-i Names of the network interfaces to configure. If no interface is specified, all network interfaces will be configured, eliminating non-broadcast interfaces if it can.
-p Port on which dhcrelay should listen. The DHCP Relay Agent transmits requests to the servers on this port and transmits responses to the clients on the port one greater than this port.
-d Force dhcrelay to run in the foreground always.
-q Disable printing the network configuration of dhcrelay on startup.