© David Both 2020

D. BothUsing and Administering Linux: Volume 3https://doi.org/10.1007/978-1-4842-5485-1_3

3. DHCP

David Both¹ 

(1)

Raleigh, NC, USA

 

Objectives

In this chapter you will learn

• The purpose and functions of DHCP

• The functions of and the differences between MAC and IP addresses

• Several of the many network configuration items that DHCP can serve

• How to assign and manage static IP addresses for specific hosts based on the MAC address

Overview of DHCP

The Dynamic Host Configuration Protocol (DHCP) provides a centralized and automated method for configuring hosts when they connect to the network. This reduces the need to configure each network host individually. It is useful for portable devices such as laptops which might connect as unknown guests. DHCP offers even more advantages when used to manage static IP address assignments for known hosts using the central DHCP database.

The DHCP server uses a database of information created by the SysAdmin. This database is entirely contained in the /etc/dhcp/dhcpd.conf configuration file. Like all well-designed Linux configuration files, it is a simple ASCII plain text file. This means that it is open and knowable and that it can be examined by standard, simple text manipulation tools like cat and grep and modified by any text editor such as Emacs or Vim, or a stream editor such as sed.

In addition to assigning IP addresses to client hosts, DHCP can also provide host configuration information such as DNS servers, the domain name used for DNS searches, the default gateway, an NTP (Network Time Protocol) server, a server from which a network boot can be performed, and more.

The DHCP client is always installed on Linux clients – certainly at least Red Hat–based distros and all the other distros I have tried – because of the very high probability that they will be connected to a network using DHCP and not with a static configuration.

When a host configured for DHCP is booted, or its NIC is turned up (activated), it sends a broadcast request to the network asking for a DHCP server to respond. The client and the server engage in a bit of conversation and the server sends the configuration data to the client which uses it to self-configure its network connection. Hosts may have multiple NICs connected to different networks and any or all may be configured using DHCP, or one or more of the NICs may be configured using DHCP and one or more NICS may be configured using static configuration.

Installing the DHCP server

The DHCP server is not installed by default and, like the other servers we will install during this course, we must install it ourselves.

Experiment 3-1

This experiment must be performed as root. For now, we will leave StudentVM1 turned off while we get DHCP configured and running. If it is not powered off, do so now. We will first check the installation status of DHCP and then install the DHCP server.

1. 1.

   Start StudentVM2 if it is not already running.

    
2. 2.

   After StudentVM2 has finished boot and startup, login as the student1 user, open a terminal session and su – to root.

    
3. 3.
   Check to see which DHCP packages are already installed.

   [root@studentvm2 ~]# dnf list installed dhcp∗

   Installed Packages

   dhcp-client.x86_64           12:4.3.6-28.fc29           @anaconda

   dhcp-common.noarch           12:4.3.6-28.fc29           @anaconda

   dhcp-libs.x86_64             12:4.3.6-28.fc29           @anaconda

   [root@studentvm2 ~]#

   This shows the DHCP client has been installed along with libraries and supporting files common to the client, server, and possibly the DHCP development packages.

    
4. 4.
   The DHCP server is not installed, so we need to install it. a

   [root@studentvm2 ~]# dnf install -y dhcp-server

   Last metadata expiration check: 2:39:06 ago on Wed 26 Dec 2018 12:19:46 PM EST.

   Dependencies resolved.

   ======================================================================

    Package       Arch     Version            Repository   Size

   ======================================================================

   Installing:

    dhcp-server   x86_64   12:4.3.6-28.fc29   fedora       431 k

   Transaction Summary

   ======================================================================

   Install  1 Package

   Total download size: 431 k

   Installed size: 1.2 M

   Downloading Packages:

   dhcp-server-4.3.6-28.fc29.x86_64.rpm       120 kB/s | 431 kB     00:03

   ----------------------------------------------------------------------

   Total                                       78 kB/s | 431 kB     00:05

   Running transaction check

   Transaction check succeeded.

   Running transaction test

   Transaction test succeeded.

   Running transaction

     Preparing        :                                        1/1

     Running scriptlet: dhcp-server-12:4.3.6-28.fc29.x86_64         1/1

     Installing       : dhcp-server-12:4.3.6-28.fc29.x86_64         1/1

     Running scriptlet: dhcp-server-12:4.3.6-28.fc29.x86_64         1/1

     Verifying        : dhcp-server-12:4.3.6-28.fc29.x86_64         1/1

   Installed:

     dhcp-server-12:4.3.6-28.fc29.x86_64

   Complete!

   [root@studentvm2 ~]#
    

That was easy and no reboot of the server, StudentVM2, is required.

Configuring the DHCP server

With the DHCP server installed, the next step is to configure the server. Having more than one DHCP server on the same network can cause problems because one would never know which DHCP server is providing the network configuration data to the client. However, a single DHCP server on one host can listen to multiple networks and provide configuration data to clients on more than one network.

It is possible for DHCP to provide DNS names for the gateway and other servers. For example, the NTP server could use the hostname of that server, such as NTP1 instead of the IP address. Most of the time this would work well, but this configuration might cause problems if the DNS name services server were to be disabled or if our own server does not exist, such as right at the moment.

The IP addresses specified in Figure 3-1 are the ones that we will assign to the hosts on our internal network. We do not need to assign the IP address for the router because that is configured by the virtual network. I have arbitrarily chosen these IP addresses and they will be used for the rest of this course.

Figure 3-1

The specific IP Address map for the server and the workstation on our network

Before configuring and starting the DHCP server on StudentVM2, we will turn off the DHCP server that is part of the virtual router.

Experiment 3-2

In this experiment, we create a fairly simple configuration file, start the DHCP server, and then test it by determining that StudentVM1 receives the correct network configuration information. Be absolutely certain to use the MAC addresses for the specific hosts on your virtual network. As the non-root user on your physical host, turn off the virtual network DHCP server to prevent conflict. You need to use the command line to do this. Use the VirtualBox Manager and click the menu bar, File ➤ Preferences to open the preferences dialog box.

Click the Network tab on the left side of the Preferences dialog. Then click StudentNetwork.

Remove the check mark from the Supports DHCP check box. Note that the existing IP address leases will remain in effect until they expire, the client host NICs are turned down and then up again, or the systems are rebooted. We are not turning off the StudentNetwork, just its DHCP server. Click OK and then again OK in the Preferences dialog.

Now we can configure the DHCP server on StudentVM2.

As root, let’s look at the existing dhcpd.conf file. Make /etc/dhcp the PWD and then cat the dhcpd.conf file to view the content. There is not much there, but it does point to an example file, /usr/share/doc/dhcp-server/dhcpd.conf.example, which you can read in order to understand the main components and syntax of the dhcpd.conf file.

The dhcpd.conf(5) man page also has some excellent descriptions of the various configuration statements that we are likely to need.

Open the dhcpd.conf file in a text editor – I prefer Vim, but use whichever editor you prefer – and we will add the statements required for our network in the steps below. Only the five lines shown in the following should exist in this file. We are going to add the lines we need as we proceed through this experiment.

#

# DHCP Server Configuration file.

#   see /usr/share/doc/dhcp-server/dhcpd.conf.example

#   see dhcpd.conf(5) man page

#

Add the following statements to the bottom of the dhcpd.conf file. This first section contains configuration items that are global – common to all subnets that DHCP is configured to provide for. In our case, we have only a single subnet, but we still place these statements in the global section because they are likely to be the same for all subnets. If they were to differ for a given subnet, placing a statement with different values in the subnet declaration will override the global declaration.

These first lines define the name of the domain, example.com, and the default domain name for DNS lookups to search when no domain is explicitly provided.

# option definitions common to all supported networks...

# These directives could be placed inside the subnet declaration

# if they are unique to a subnet.

option domain-name "example.com";

option domain-search "example.com";

This next line sets the virtual router as the domain name server (DNS). For now, be sure to use the IP address of the virtual router for your virtual network. We will change this entry in Chapter 5 when we add DNS services to our own server.

option domain-name-servers 10.0.2.1;

Now we set the default lease times in seconds

# All networks get the default lease times

default-lease-time 600;  # 10 minutes

max-lease-time 7200;     # 2 hours

#

Next add these lines, the last of which specifies that this is the authoritative DHCP server for this network.

# If this DHCP server is the official DHCP server for the local

# network, the authoritative directive should be uncommented.

authoritative;

Now we can add the declaration for our subnet. We also add a host declaration inside that subnet declaration to provide specific IP address configuration for the StudentVM1 host. Be sure to use the correct MAC address for the host studentvm1 in your setup.

############################################################

# This is a very basic subnet declaration.                 #

############################################################

subnet 192.168.56.0 netmask 255.255.255.0 {

        # default gateway

        option routers                  192.168.56.1;

        option subnet-mask              255.255.255.0;

############################################################

# Dynamic allocation range for otherwise unknown hosts     #

############################################################

        range dynamic-bootp 192.168.56.50 192.168.56.59;

############################################################

# Host declaration in the 192.168.56.0/24 subnet.          #

############################################################

        host studentvm1 {

                hardware ethernet 08:00:27:E1:0C:10;

                fixed-address 192.168.56.21;

        }

}

Note that the host declaration has curly braces, {}, around the configuration declarations. The curly braces for the subnet declaration also surround the host declaration because the host declarations need to be inside the subnet declaration.

Be sure to save the file which is now complete enough to test. To test the new DHCP configuration, first start the DHCP service, then configure it to start every time the server is rebooted. Lastly, verify that it is running.

[root@studentvm2 ~]# systemctl start dhcpd

[root@studentvm2 ~]# systemctl enable dhcpd

Created symlink /etc/systemd/system/multi-user.target.wants/dhcpd.service → /usr/lib/systemd/system/dhcpd.service.

[root@studentvm2 ~]# systemctl status dhcpd

• dhcpd.service - DHCPv4 Server Daemon

   Loaded: loaded (/usr/lib/systemd/system/dhcpd.service; enabled; vendor preset: disabled)

   Active: active (running) since Thu 2019-07-18 14:45:05 EDT; 1min 36s ago

     Docs: man:dhcpd(8)

           man:dhcpd.conf(5)

 Main PID: 2334 (dhcpd)

   Status: "Dispatching packets..."

    Tasks: 1 (limit: 4696)

   Memory: 5.1M

   CGroup: /system.slice/dhcpd.service

           └─2334 /usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid

Jul 18 14:45:05 studentvm2.example.com dhcpd[2334]:

Jul 18 14:45:05 studentvm2.example.com dhcpd[2334]: No subnet declaration for enp0s3 (10.0.2.11).

Jul 18 14:45:05 studentvm2.example.com dhcpd[2334]: ∗∗ Ignoring requests on enp0s3.  If this is>

Jul 18 14:45:05 studentvm2.example.com dhcpd[2334]:    you want, please write a subnet declaration

Jul 18 14:45:05 studentvm2.example.com dhcpd[2334]:    in your dhcpd.conf file for the network s>

Jul 18 14:45:05 studentvm2.example.com dhcpd[2334]:    to which interface enp0s3 is attached. ∗∗

Jul 18 14:45:05 studentvm2.example.com dhcpd[2334]:

Jul 18 14:45:05 studentvm2.example.com dhcpd[2334]: Sending on   Socket/fallback/fallback-net

Jul 18 14:45:05 studentvm2.example.com dhcpd[2334]: Server starting service.

Jul 18 14:45:05 studentvm2.example.com systemd[1]: Started DHCPv4 Server Daemon.

You should see no errors from the status command but you will see a number of statements indicating the DHCP daemon is listening on a specific NIC and the MAC address of the NIC. If this information is not correct, verify that the dhcpd.conf file is correct and try to restart. If there are syntactical errors in your configuration, they will show up in the status report.

If StudentVM1 is already up and running, run the following commands to turn enp0s3 down and then back up.

[root@studentvm1 ~]# ip link set enp0s3 down ; ip link set enp0s3 up

If the StudentVM1 host is not already running, start it now. Nothing further will need to be done to obtain an IP address from the newly configured DHCP server.

Login to StudentVM1, open a terminal session, and su – to root.

Run this command to verify that the network is configured with the correct IP address. Note that the syntax of this command shows only the desired NIC and not any of the others that might be installed, including the lo local device.

[root@studentvm1 ~]# ip addr show dev enp0s3

2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000

    link/ether 08:00:27:e1:0c:10 brd ff:ff:ff:ff:ff:ff

    inet 192.168.56.21/24 brd 192.168.56.255 scope global dynamic noprefixroute enp0s3

       valid_lft 474sec preferred_lft 474sec

Verify the default route on StudentVM1 is correct.

[root@studentvm1 ~]# ip route

default via 192.168.56.1 dev enp0s3 proto dhcp metric 100

192.168.56.0/24 dev enp0s3 proto kernel scope link src 192.168.56.21 metric 100

On StudentVM1, verify connectivity to the StudentVM2 server using the ping command. The -c option specifies the number of ping requests to send, in this case 2. We need to specify the IP address of the server because we do not yet have a name server on this network.

[root@studentvm1 ~]# ping 192.168.0.1 -c 2

PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.

64 bytes from 192.168.0.1: icmp_seq=1 ttl=64 time=0.229 ms

64 bytes from 192.168.0.1: icmp_seq=2 ttl=64 time=0.216 ms

--- 192.168.0.1 ping statistics ---

2 packets transmitted, 2 received, 0% packet loss, time 60ms

rtt min/avg/max/mdev = 0.216/0.222/0.229/0.016 ms

Access to the outside world from StudentVM1 will not be working because our name server is not yet up and running and StudentVM2 is not yet configured as a router.

[root@studentvm1 ~]# ping -c2 example.net

ping: example.net: Name or service not known

If the dhcpd.conf file is still open in your editor, close it now.

A reboot is not required for either the DHCP client or the server. No configuration changes were required on the client, StudentVM1, and simply turning down the NIC and bringing it back up again enabled it to obtain the configuration data from the new DHCP server.

Configuring guest hosts

Configuring the network settings for guest hosts such as laptops and other mobile devices is also possible with DHCP. This implies that we have no information such as the MAC address for these computers and that we must assign an IP address anyway.

In most cases, this usage for DHCP, despite the fact that it was the original intention for DHCP, requires a good bit of trust be afforded to the guest hosts. I personally dislike having guests on my own network, so I usually find a way to set up a second network subnet to which I relegate all guest hosts. This protects my own network and improves security because the guest hosts have no access to it.

There are times when it becomes necessary to include guest computers in a network. The use of DHCP makes that not just possible but also easy. All we need to do is introduce a short stanza into our subnet configuration.

Experiment 3-3

This experiment must be performed as root.

Insert the following lines in the subnet declaration for the 192.168.56.0/24 subnet but outside of any individual host declarations within that subnet. I added it immediately under the option subnet-mask line.

############################################################

# Dynamic allocation range for otherwise unknown hosts     #

############################################################

        range dynamic-bootp 192.168.56.50 192.168.56.59;

Restart the DHCP service to enable this change.

[root@studentvm2 ~]# systemctl restart dhcpd

Verify that there were no errors during the restart.

To test this DHCP guest allocation, create a brand new VM, StudentVM3 with a dynamically allocated 120GB hard drive and 4GB of RAM. Be sure the VM is in the StudentNetwork. Do not clone this VM from one of the other VMs we have already created. Boot to the Live USB image ISO file from which StudentVM1 was created. After the Live image boots, open a terminal session and verify that the network configuration is correct and that the IP address falls within the range specified in the declaration.

I have found that it is sometimes necessary to power off all open VMs and VirtualBox itself before restarting VirtualBox, then StudentVM2, and then the rest of the Student VMs in order to reset the VirtualBox DHCP server to off. This behavior is inconsistent and I have no current explanation for it. Just be aware that it can happen.

Perform some additional testing to ensure that network communication to the Internet is working properly.

After you have finished testing, you can power off the StudentVM3 virtual machine. Do not delete the VM you created for this test.

The dhcpd.conf file

The final dhcpd.conf file is shown in Figure 3-2.

Figure 3-2

The completed dhcpd.conf file

Chapter summary

DHCP is designed to provide network configuration data to client hosts on a network. This allows for centralization of network configuration management.

You now have a working DHCP server on StudentVM2. You have turned off the DHCP server embedded in the virtual router created for our virtual network to ensure that there are no conflicts between servers. You have tested the new DHCP server by using the StudentVM1 as a DHCP client to obtain the revised network configuration data from the new DHCP server. You have used typical Linux command line networking tools to verify that the new configuration is working properly.

A DHCP server can provide many configuration options to clients, including many required for Windows hosts that might connect to the network. This configuration data includes gateway routers, NTP servers, DNS servers, PXE boot servers, and much more. As we continue through this course, we will add configuration items for DNS and NTP servers to our DHCP configuration.

Exercises

1. 1.

   What is the function of DHCP?

    
2. 2.

   What five common configuration items are provided by DHCP to Linux hosts?

    
3. 3.

   How many name servers can be specified?

    
4. 4.

   Can servers and routers be specified by name as well as by IP address in the dhcpd.conf file? If so, what problems might arise?

    
5. 5.

   Based on the content of the DHCP configuration database we have created in this chapter, what IP address would likely be served to a new VM that booted up on the network?