DHCP (Dynamic Host Configuration Protocol) is a network management protocol used to dynamically assign an Internet Protocol (IP) address to any device, or node, on a network so they can communicate using IP. DHCP automates and centrally manages these configurations rather than requiring network administrators to manually assign IP addresses to all network devices. DHCP can be implemented on small local networks as well as large enterprise networks.
DHCP will assign new IP addresses in each location when devices are moved from place to place, which means network administrators do not have to manually initially configure each device with a valid IP address or reconfigure the device with a new IP address if it moves to a new location on the network. Versions of DHCP are available for use in Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6). IPv6 became an industry standard in 2017 -- nearly 20 years after its specifications were first published. While the adoption rate of IPv6 was slow, by July 2019 more than 29 percent of Google users were making inquiries using IPv6.
How DHCP works
DHCP runs at the application layer of the Transmission Control Protocol/IP (TCP/IP) protocol stack to dynamically assign IP addresses to DHCP clients and to allocate TCP/IP configuration information to DHCP clients. This includes subnet mask information, default gateway IP addresses and domain name system (DNS) addresses.
DHCP is a client-server protocol in which servers manage a pool of unique IP addresses, as well as information about client configuration parameters, and assign addresses out of those address pools. DHCP-enabled clients send a request to the DHCP server whenever they connect to a network.
Clients configured with DHCP broadcast a request to the DHCP server and request network configuration information for the local network to which they're attached. A client typically broadcasts a query for this information immediately after booting up. The DHCP server responds to the client request by providing IP configuration information previously specified by a network administrator. This includes a specific IP address as well as for the time period, also called a lease, for which the allocation is valid. When refreshing an assignment, a DHCP client requests the same parameters, but the DHCP server may assign a new IP address based on policies set by administrators.
A DHCP server manages a record of all the IP addresses it allocates to network nodes. If a node is relocated in the network, the server identifies it using its Media Access Control (MAC) address, which prevents accidentally configuring multiple devices with the same IP address.
DHCP is not a routable protocol, nor is it a secure one. DHCP is limited to a specific local area network (LAN), which means a single DHCP server per LAN is adequate, or two servers for use in case of a failover. Larger networks may have a wide area network (WAN) containing multiple individual locations. Depending on the connections between these points and the number of clients in each location, multiple DHCP servers can be set up to handle the distribution of addresses. If network administrators want a DHCP server to provide addressing to multiple subnets on a given network, they must configure DHCP relay services located on interconnecting routers that DHCP requests have to cross. These agents relay messages between DHCP clients and servers located on different subnets.
DHCP lacks any built-in mechanism that would allow clients and servers to authenticate each other. Both are vulnerable to deception (one computer pretending to be another) and to attack, where rogue clients can exhaust a DHCP server's IP address pool.
Static vs. dynamic DHCP leases
With dynamic DHCP, a client does not own the IP address assigned to it but instead "leases" it for a period of time. Each time a device with a dynamic IP address is powered up, it must communicate with the DHCP server to lease another IP address. Wireless devices are examples of clients that are assigned dynamic IP addresses when they connect to a network.
Devices assigned static IP addresses have permanent IP addresses and are used for devices like web servers or switches.
Under a dynamic DHCP setup, a client may also have to perform certain activities that lead to terminating its IP address and then reconnecting to the network using another IP address. DHCP lease times can vary depending on how long a user is likely to need an internet connection at a particular location. Devices release their IP addresses when their DHCP leases expire and then request a renewal from the DHCP server if they are staying online. The DHCP server may assign a new address rather than renewing an old one.
The typical dynamic DHCP lease cycle is as follows:
- A client acquires an IP address lease through allocation process of requesting one from the DHCP server.
- If a client already has an IP address from an existing lease, it will need to refresh its IP address when it reboots after being shut down and will contact the DHCP server to have an IP address reallocated.
- Once a lease is active, the client is said to be bound to the lease and to the address.
- Once the lease has expired, a client will contact the server that initially granted the least to renew it so it can keep using its IP address.
- If a client is moving to a different network, its dynamic IP address will be terminated and it will request a new IP address from the DHCP server of the new network.
History of DHCP
DHCP is an extension of a 1985 network IP management protocol, Bootstrap Protocol (BOOTP). DHCP is more advanced and DHCP servers can handle BOOTP client requests if any BOOTP clients exist on a network segment. Using one central BOOTP server to serve hosts on many IP subnets, BOOTP introduced the concept of a relay agent that allowed BOOTP packets to be forwarded across networks. BOOTP required a manual process to add configuration information for each client, however, and did not provide a mechanism for reclaiming IP addresses no longer in use.
DHCP uses and functions
DHCP is used to distribute IP addresses within a network, and to configure the proper subnet mask, default gateway, and DNS server information on the device.
DHCP, including RFC 8415, the draft version released in November 2018, can also be used by ordinary electronic devices whose manufacturers want them to be part of the internet of things (IoT). The DHCP is one method of connecting a device, such as refrigerators and lawn sprinkler systems, to the Internet using a Manufacturer Usage Description (MUD), suggested by Internet Engineering Task Force (IETF)
Pros and cons of DHCP
DHCP make it easier for network administrators to add or move devices within a network, whether it be a LAN or WAN. But DHCP is not inherently secure and if malicious actors access the DHCP server, they can wreak havoc. Also, if the DHCP server does not have a backup and the server fails, so do the devices served by it.
One of the key vulnerabilities of DHCP has been the use of so-called man-in-the middle attacks in which the attacker secretly intercepts and relays messages between two parties who believe they are communicating directly with each other.
DHCP servers have also been the subject of multiple memory corruption vulnerabilities. In these, attackers have targeted the Windows DHCP Server service. When successful, the attacks can lead to full compromise of Microsoft Active Directory. One such vulnerability, patched by Microsoft, was 2019-0725 Windows DHCP Server Remote Code Execution vulnerability.