The Dynamic Host Configuration Protocol (DHCP) is a computer networking protocol

used by devices (DHCP clients) which dynamically distributes the IP address to the
destination host. RFC 1531 initially defined DHCP as a standard-track protocol in
October 1993, succeeding the Bootstrap Protocol (BOOTP). The next update, RFC 2131
released in 1997 is the current DHCP definition for Internet Protocol version 4 (IPv4)
networks. The extensions of DHCP for IPv6 (DHCPv6) were published as RFC 3315.

The Internet Protocol Suite

Application Layer
BGP · DHCP · DNS · FTP · GTP · HTTP · IMAP ·
IRC · Megaco · MGCP · NNTP · NTP · POP · RIP ·
RPC · RTP · RTSP · SDP · SIP · SMTP · SNMP ·
SOAP · SSH · Telnet · TLS/SSL · XMPP · (more)
Transport Layer
TCP · UDP · DCCP · SCTP · RSVP · ECN · (more)
Internet Layer
IP (IPv4, IPv6) · ICMP · ICMPv6 · IGMP · IPsec ·
(more)
Link Layer
ARP/InARP · NDP · OSPF · Tunnels (L2TP) · PPP ·
Media Access Control (Ethernet, DSL, ISDN,
FDDI) · (more)
This box: view • talk • edit
1.1 Contents
 1 Technical overview
 2 Technical details
o 2.1 DHCP discovery
o 2.2 DHCP offer
o 2.3 DHCP request
o 2.4 DHCP acknowledgment
o 2.5 DHCP information
o 2.6 DHCP releasing
o 2.7 Client configuration parameters
o 2.8 Options
o 2.9 DHCP Relaying
 3 Security
 4 See also
 5 References
 6 External links

1.2 Technical overview

Dynamic Host Configuration Protocol automates network-parameter assignment to

network devices from one or more fault-tolerant DHCP servers. Even in small networks,
DHCP is useful because it can make it easy to add new machines to the network.

When a DHCP-configured client (a computer or any other network-aware device)

connects to a network, the DHCP client sends a broadcast query requesting necessary
information from a DHCP server. The DHCP server manages a pool of IP addresses and
information about client configuration parameters such as default gateway, domain name,
the DNS servers, other servers such as time servers, and so forth. On receiving a valid
request, the server assigns the computer an IP address, a lease (length of time the
allocation is valid), and other IP configuration parameters, such as the subnet mask and
the default gateway. The query is typically initiated immediately after booting, and must
complete before the client can initiate IP-based communication with other hosts.

Depending on implementation, the DHCP server may have three methods of allocating
IP-addresses:

 dynamic allocation: A network administrator assigns a range of IP addresses to

DHCP, and each client computer on the LAN has its IP software configured to
request an IP address from the DHCP server during network initialization. The
request-and-grant process uses a lease concept with a controllable time period,
allowing the DHCP server to reclaim (and then reallocate) IP addresses that are
not renewed (dynamic re-use of IP addresses).
 automatic allocation: The DHCP server permanently assigns a free IP address to a
requesting client from the range defined by the administrator. This is like dynamic
allocation, but the DHCP server keeps a table of past IP address assignments, so
 that it can preferentially assign to a client the same IP address that the client
previously had.
 static allocation: The DHCP server allocates an IP address based on a table with
MAC address/IP address pairs, which are manually filled in (perhaps by a
network administrator). Only requesting clients with a MAC address listed in this
table will be allocated an IP address. This feature (which is not supported by all
routers) is variously called Static DHCP Assignment (by DD-WRT), fixed-
address (by the dhcpd documentation), DHCP reservation or Static DHCP (by
Cisco/Linksys), and IP reservation or MAC/IP binding (by various other router
manufacturers).

1.3 Technical details

DHCP uses the same two ports assigned by IANA for BOOTP: 67/udp for the server
side, and 68/udp for the client side.

DHCP operations fall into four basic phases: IP discovery, IP lease offer, IP request, and
IP lease acknowledgment.

1.3.1 DHCP discovery

The client broadcasts messages on the physical subnet to discover available DHCP
servers. Network administrators can configure a local router to forward DHCP packets to
a DHCP server on a different subnet. This client-implementation creates a User Datagram
Protocol (UDP) packet with the broadcast destination of 255.255.255.255 or the specific
subnet broadcast address.

A DHCP client can also request its last-known IP address (in the example below,
192.168.1.100). If the client remains connected to a network for which this IP is valid, the
server might grant the request. Otherwise, it depends whether the server is set up as
authoritative or not. An authoritative server will deny the request, making the client ask
for a new IP immediately. A non-authoritative server simply ignores the request, leading
to an implementation-dependent timeout for the client to give up on the request and ask
for a new IP address.

1.3.2 DHCP offer

When a DHCP server receives an IP lease request from a client, it reserves an IP address
for the client and extends an IP lease offer by sending a DHCPOFFER message to the
client. This message contains the client's MAC address, the IP address that the server is
offering, the subnet mask, the lease duration, and the IP address of the DHCP server
making the offer.

The server determines the configuration based on the client's hardware address as
specified in the CHADDR (Client Hardware Address) field. Here the server, 192.168.1.1,
specifies the IP address in the YIADDR (Your IP Address) field.
 1.3.3 DHCP request

A client can receive DHCP offers from multiple servers, but it will accept only one
DHCP offer and broadcast a DHCP request message. Based on the Transaction ID field
in the request, servers are informed whose offer the client has accepted. When other
DHCP servers receive this message, they withdraw any offers that they might have made
to the client and return the offered address to the pool of available addresses.

1.3.4 DHCP acknowledgment

When the DHCP server receives the DHCPREQUEST message from the client, the
configuration processes enters its final phase. The acknowledgement phase involves
sending a DHCPACK packet to the client. This packet includes the lease duration and
any other configuration information that the client might have requested. At this point,
the IP configuration process is complete.

The protocol expects the DHCP client to configure its network interface with the
negotiated parameters.

DHCPDISCOVER DHCPOFFER DHCPREQUEST DHCPACK

UDP Src=0.0.0.0 UDP UDP Src=0.0.0.0 UDP
sPort=68 Src=192.168.1.1 sPort=68 Src=192.168.1.1
Dest=255.255.255.2 sPort=67 Dest=255.255.255.2 sPort=67
55 dPort=67 Dest=255.255.255.2 55 dPort=67 Dest=255.255.255.2
HTY HL HO 55 dPort=68 HTY HL HO 55 dPort=68
OP OP
PE EN PS HTY HL HO PE EN PS HTY HL HO
OP OP
0x0 PE EN PS 0x0 PE EN PS
0x01 0x06 0x00 0x01 0x06 0x00
1 0x0 0x0 1 0x0
0x01 0x06 0x01 0x06 0x00
XID 2 0 XID 2
0x3903F326 XID 0x3903F326 XID
SECS FLAGS 0x3903F326 SECS FLAGS 0x3903F326
0x0000 0x0000 SECS FLAGS 0x0000 0x0000 FLA
SECS
CIADDR 0x0000 0x0000 CIADDR GS
0x00000000 CIADDR 0x00000000 0x0000 0x0000
YIADDR 0x00000000 YIADDR CIADDR (Client IP
0x00000000 YIADDR 0x00000000 Address)
SIADDR 0xC0A80164 SIADDR 0x00000000
0x00000000 SIADDR 0x00000000 YIADDR (Your IP
0x00000000 Address)
GIADDR GIADDR
GIADDR 0xC0A80164
0x00000000 0x00000000
0x00000000 SIADDR (Server IP
CHADDR CHADDR
Address)
0x00053C04 CHADDR 0x00053C04
0x00000000
0x8D590000 0x00053C04 0x8D590000
GIADDR (Gateway
0x00000000 0x8D590000 0x00000000
IP Address
0x00000000 0x00000000 0x00000000 switched by relay)
192 octets of 0's. 0x00000000 192 octets of 0's. 0x00000000
BOOTP legacy 192 octets of 0's. BOOTP legacy CHADDR (Client
Magic Cookie BOOTP legacy Magic Cookie Hardware Address)
0x63825363 Magic Cookie 0x63825363 0x00053C04
DHCP Options 0x63825363 DHCP Options 0x8D590000
DHCP option 53: DHCP Options DHCP option 53: 0x00000000
DHCP Discover DHCP option 53: DHCP Request 0x00000000
DHCP option 50: DHCP Offer DHCP option 50: 192 octets of 0's.
192.168.1.100 DHCP option 1: 192.168.1.100 BOOTP legacy
requested 255.255.255.0 requested Magic Cookie
DHCP option 55: subnet mask DHCP option 54: 0x63825363
Parameter Request DHCP option 3: 192.168.1.1 DHCP DHCP Options
List: 192.168.1.1 router server. DHCP option 53:
DHCP option 51: IP DHCP ACK
Request Subnet lease time in DHCP option 1:
Mask (1), Router seconds, 1 day = 255.255.255.0
(3), Domain Name 86400 s subnet mask
(15), DHCP option 54: DHCP option 3:
192.168.1.1 DHCP 192.168.1.1 router
Domain Name server
Server (6) DHCP option 51: 1
DHCP option 6: day IP lease time
DNS servers DHCP option 54:
9.7.10.15, 9.7.10.16, 192.168.1.1 DHCP
9.7.10.18 server
DHCP option 6:
DNS servers
9.7.10.15, 9.7.10.16,
9.7.10.18

After the client obtains an IP address, the client may use the Address Resolution Protocol
(ARP) to prevent IP conflicts caused by overlapping address pools of DHCP servers.

1.3.5 DHCP information

A DHCP client may request more information than the server sent with the original
DHCPOFFER. The client may also request repeat data for a particular application. For
example, browsers use DHCP Inform to obtain web proxy settings via WPAD. Such
queries do not cause the DHCP server to refresh the IP expiry time in its database.

1.3.6 DHCP releasing

The client sends a request to the DHCP server to release the DHCP information and the
client deactivates its IP address. As client devices usually do not know when users may
unplug them from the network, the protocol does not mandate the sending of DHCP
Release.

1.3.7 Client configuration parameters

A DHCP server can provide optional configuration parameters to the client. RFC 2132
describes the available DHCP options defined by Internet Assigned Numbers Authority
(IANA) - DHCP and BOOTP PARAMETERS.

A DHCP client can select, manipulate and overwrite parameters provided by a DHCP
server.[1]

1.3.8 Options

An option exists to identify the vendor and functionality of a DHCP client. The
information is a variable-length string of characters or octets which has a meaning
specified by the vendor of the DHCP client. One method that a DHCP client can utilize to
communicate to the server that it is using a certain type of hardware or firmware is to set
a value in its DHCP requests called the Vendor Class Identifier (VCI) (Option 60). This
method allows a DHCP server to differentiate between the two kinds of client machines
and process the requests from the two types of modems appropriately. Some types of set-
top boxes also set the VCI (Option 60) to inform the DHCP server about the hardware
type and functionality of the device. The value that this option is set to give the DHCP
server a hint about any required extra information that this client needs in a DHCP
response.

1.3.9 DHCP Relaying

In small networks DHCP typically uses broadcasts. However, in some circumstances,

unicast addresses will be used, for example: when networks have a single DHCP server
that provides IP addresses for multiple subnets. When a router for such a subnet receives
a DHCP broadcast, it converts it to unicast (with a destination MAC/IP address of the
configured DHCP server, source MAC/IP of the router itself). The GIADDR field of this
modified request is populated with the IP address of the router interface on which it
received the original DHCP request. The DHCP server uses the GIADDR field to identify
the subnet of the originating device in order to select an IP address from the correct pool.
The DHCP server then sends the DHCP OFFER back to the router via unicast. The router
then converts the DHCP OFFER back to a broadcast, sent out on the interface of the
original device.

1.4 Security

The basic DHCP protocol became a standard before network security became a
significant issue: it includes no security features, and is potentially vulnerable to two
types of attacks:[2]
  Unauthorized DHCP Servers: as you cannot specify the server you want, an
unauthorized server can respond to client requests, sending client network
configuration values that are beneficial to the attacker. As an example, a hacker
can hijack the DHCP process to configure clients to use a malicious DNS server
or router (see also DNS cache poisoning).
 Unauthorized DHCP Clients: By masquerading as a legitimate client, an
unauthorized client can gain access to network configuration and an IP address on
a network it should otherwise not be allowed to use. Also, by flooding the DHCP
server with requests for IP addresses, it is possible for an attacker to exhaust the
pool of available IP addresses, disrupting normal network activity (a denial of
service attack).

To combat these threats RFC 3118 ("Authentication for DHCP Messages") introduced
authentication information into DHCP messages, allowing clients and servers to reject
information from invalid sources. Although support for this protocol is widespread, a
large number of clients and servers still do not fully support authentication, thus forcing
servers to support clients that do not support this feature. As a result, other security
measures are usually implemented around the DHCP server (such as IPsec) to ensure that
only authenticated clients and servers are granted access to the network.

Addresses should be dynamically linked to a secure DNS server, to allow troubleshooting

by name rather than by a potentially unknown address.[citation needed] Effective DHCP-DNS
linkage requires having a file of either MAC addresses or local names that will be sent to
DNS that uniquely identifies physical hosts, IP addresses, and other parameters such as
the default gateway, subnet mask, and IP addresses of DNS servers from a DHCP server.
The DHCP server ensures that all IP addresses are unique, i.e., no IP address is assigned
to a second client while the first client's assignment is valid (its lease has not expired).
Thus IP address pool management is done by the server and not by a network
administrator.