Join Scott Simpson for an in-depth discussion in this video Configure a DHCP server, part of Linux Foundation Cert Prep: Network Administration (Ubuntu).
- [Narrator] In order to communicate on an IP network, clients need to have an IP address. Addresses can be assigned manually, which is a good idea for things like servers and infrastructure devices where you need to know exactly which address is being used, but most clients, like laptops, desktops, mobile devices and Internet of Things things, don't really need to have a specific address. They just need an address. On a network, the system that assigns addresses is called a DHCP server. DHCP, or Dynamic Host Configuration Protocol, usually runs on a router, but it can run on a separate server as well.
DHCP keeps track of addresses that are in use and responds to requests from new clients with an address to use, and it can provide some configuration information to its clients. At a high level, DHCP works like this: when it needs an address, a client sends a broadcast message called DHCPDISCOVER to the network, and a DHCP server that's listening for these responds with a DHCPOFFER message. The client responds with a DHCPREQUEST message asking for that IP address, and then the server sends a DHCPACK message to acknowledge the receipt of the address.
Then the client uses that IP address until the predefined address lease time expires. We have a lease so assigned addresses aren't used up forever. If a client goes away, its address can be reassigned to a different machine after a period of time. In this video we'll set up a DHCP server on a Linux host and configure a client to use DHCP to get an address. One word of warning here, though: while the other services we can set up on a network don't necessarily affect the network while we're experimenting with them, DHCP has the potential to really cause issues if it's set up on a network that already has another DHCP server running on it.
In fact, this scenario, which is called a rogue DHCP server, is one of those things that keeps some network administrators up at night. It can be hard to troubleshoot and it can cause clients to be unable to connect to network resources. So while you're learning, be sure you're using a virtual network without any chance of overlapping your real network, or work with your network administrator to isolate the network you're using from the rest of their network. For this course I'm using a virtual network in VirtualBox, and the VirtualBox software provides its own DHCP server. I've disabled that feature on my virtual network.
To get started, we need the isc-dhcp-server package. ISC stands for Internet Systems Consortium. Once that's installed, there are two files we'll need to modify in order to make this system act as a DHCP server. These are /etc/default/isc-dhcp-server and /etc/dhcp/dhcpd.conf. In the isc-dhcp-server file, we'll need to set the interface where the service is listening. The DHCP service listens for broadcast messages, so it needs to listen to a network interface, not a particular network address, and in the dhcpd.conf file, we'll set all of the other options.
Like the subnet that we're assigning addresses for, the range of addresses, and other options, like which router and which name server a client should use. So let's take a look at what we want to accomplish. We'll listen on the server's network interface called enp0s3, the Ethernet interface. If your server has more than one network interface, you'll need to determine which of them you want to offer the service on. You can set more than one. And we'll operate on the 10.0.2.0 subnet, with a netmask of 255.255.255.0. We'll offer up two hundred addresses, running from 10.0.2.20 to 10.0.2.220.
That leaves a little bit of space at the beginning of the range that we can use for static addresses, and we'll offer up the router 10.0.2.1, so our clients can use that to access the internet, and we'll offer the DNS server, 10.0.2.1, as well, so our clients can look up host names for other systems. Here on my server I'll install the software with apt install isc-dhcp-server. Then I'll open up /etc/default/isc-dhcp-server, and down here at the bottom I'll set the interface to enp0s3, and I'll save the file. And now I'll open up /etc/dhcp/dhcpd.conf and here I'll set the other options.
There are quite a few templates for different configurations in here, from a basic configuration that treats all clients the same, through individually specifying hardware addresses to give particular computers and more, but for now we'll make a basic configuration that treats all clients asking for addresses the same, placing them on the same subnet. But if you're curious, take some time and explore the other settings that are common to that, to get some ideas about what else you can do. It can also be a good idea to make a copy of this file before you edit it, in case you feel the need to erase all the comments and just put your directives in here.
I'll uncomment this line in order to make this server authoritative. Generally speaking, when you're setting up what will be the only DHCP server for a network, you want it to be authoritative. Up here there are some defaults for the DHCP server as a whole. These will apply to clients on any subnet that the server offers addresses for. They can be set for individual subnets as well, or they can be set globally. I'll comment those out for the time being. Default lease time is the number of seconds that a client will get to use the assigned IP address before it needs to contact the server to renew, or before the address goes back into the pool of free addresses that can be used again.
Depending on your policies and strategy, you can set this to a low number, to be aggressive about reclaiming addresses. That's a good way of conserving limited addresses if you have an environment like a coffee shop or other public space with many clients coming and going using up your addresses, or you can set it long if you want to help ensure that clients get the same address after a long period away from your network. It's up to you and 600 seconds or 10 minutes is a reasonable default. Clients can also request different lengths of the lease and by default the maximum they're allowed to request of this server is 7200 seconds which is 120 minutes or 2 hours.
Here we can redirect the log file if need be, and below that is where some example subnet declarations start. I'll make some space here and add in one for our 10.0.2.0 subnet. I'll write subnet 10.0.2.0, and netmask 255.255.255.0. Then I'll use an opening curly brace, then I'll set the range of addresses from 10.0.2.20 to 10.0.2.220, and I'll end that line with a semicolon.
Then I'll set option routers and supply the router that we'll give our clients, 10.0.2.1, and a semicolon. Then I'll use option domain-name-servers and put our DNS server, 10.0.2.1, and I'll end that with another curly brace. Each of these subnet declarations has a set of curly braces, and each directive within them ends with a semicolon. If you miss one, you'll see an error in the log when the DHCP service tries to start up.
We can put other options in here, like the domain name to append to client host names, which will end up as the search parameter in your /etc/resolv.conf file, or NTP servers to use, and more. All right, now I'll save, and I need to restart the DHCP server to pick up these changes. I'll do that with systemctl restart isc-dhcp-server, and now this server is ready to hand out IP addresses. Configuring DHCP on a server like this gives us a lot of flexibility for the configuration of our network.
It allows us not only to provide dynamic IP addresses for clients on a given subnet but it also allows us to offer various services that we'll see how to manage throughout the rest of the course.
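Added example, not part of the course video: a defender-side check for the rogue DHCP server problem the narrator warns about, which parses a DHCPOFFER and flags it when the server identifier, router or offered address does not match the configuration built in this lesson. The authorized server address 10.0.2.5 is an assumption (the transcript never states the server's own address), and the sample packets are constructed by `build_offer`, not captured traffic.

```python
import ipaddress

MAGIC = b"\x63\x82\x53\x63"            # DHCP magic cookie that precedes the options
AUTHORIZED_SERVERS = {"10.0.2.5"}      # assumption: address of our isc-dhcp-server host
EXPECTED_ROUTER = "10.0.2.1"           # router handed out by the lesson's configuration
POOL = (ipaddress.ip_address("10.0.2.20"), ipaddress.ip_address("10.0.2.220"))

def parse_dhcp(payload: bytes):
    """Parse a DHCP message (UDP payload) into (offered address, raw options)."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    options, i = {}, 240
    while i + 1 < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                             # 0 = pad, has no length byte
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        options[code] = value
        i += 2 + length
    return ipaddress.ip_address(payload[16:20]), options

def ip_option(options: dict, code: int):
    """Return the first IPv4 address carried in an option as a string, or None."""
    value = options.get(code, b"")
    return str(ipaddress.ip_address(value[:4])) if len(value) >= 4 else None

def check_offer(payload: bytes) -> list:
    """Return findings for a DHCPOFFER that does not match our server's config."""
    yiaddr, opts = parse_dhcp(payload)
    if opts.get(53) != b"\x02":                         # option 53 = type, 2 = OFFER
        return []
    findings = []
    server = ip_option(opts, 54)                        # option 54 = server identifier
    if server not in AUTHORIZED_SERVERS:
        findings.append(f"offer from unauthorized server {server}")
    if ip_option(opts, 3) != EXPECTED_ROUTER:           # option 3 = routers
        findings.append(f"unexpected router {ip_option(opts, 3)}")
    if not POOL[0] <= yiaddr <= POOL[1]:
        findings.append(f"offered address {yiaddr} is outside the pool")
    return findings

def build_offer(server: str, yiaddr: str, router: str) -> bytes:
    """Construct a sample DHCPOFFER for the demonstration (not captured traffic)."""
    s, y, r = (ipaddress.ip_address(a).packed for a in (server, yiaddr, router))
    header = bytes([2, 1, 6, 0]) + bytes(12) + y + bytes(8 + 16 + 64 + 128)
    return header + MAGIC + bytes([53, 1, 2, 54, 4]) + s + bytes([3, 4]) + r + b"\xff"
```

In practice the payloads would come from a capture of UDP port 68 traffic on the client segment; any non-empty result from `check_offer` means a second server is answering DHCPDISCOVER broadcasts.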