Set Up DHCP Server
This guide will walk you through configuring your DHCP server to provide IP addresses to your physical hosts based on their MAC address. We opt to use:
- A static DHCP range with explicit entries for your physical hosts, that is, a specific MAC will always get a specific IP address and hostname.
- A dynamic DHCP range for everyone else in the network, for example, the admin’s laptop.
Note
You will use dnsmasq on your bootstrap host to act as the DHCP server. If you already have a DHCP server in your infrastructure, configure it accordingly.
Fast Forward
If you already have a DHCP server and configured it for your physical hosts, proceed to the What’s Next section.
What You’ll Need
- A bootstrap host.
- A network subnet for your physical hosts.
- (Optional) A router, a DNS server and a domain name.
For each physical host:
- a MAC address
- an IP address
- a hostname
Procedure
Go to your bootstrap host and install the necessary packages, if you don’t have them already on your system:

    root@host:~# apt-get update
    root@host:~# apt-get install -y dnsmasq

Disable DNS. Copy the following configuration snippet and paste it in /etc/dnsmasq.d/dns.conf.

    # Disable DNS Server
    port=0
    # Listen on all interfaces
    bind-interfaces

Configure the static DHCP range. Copy the following configuration snippet and paste it in /etc/dnsmasq.d/dhcp.conf.

    # Enable DHCP logging
    log-dhcp
    # Respond to DHCP requests for the specified network
    # only for specified dhcp-host entries.
    dhcp-range=set:nodes,192.168.2.0,static
    # netmask
    dhcp-option=tag:nodes,1,255.255.255.0
    # router
    dhcp-option=tag:nodes,3,192.168.2.1
    # dns-server
    dhcp-option=tag:nodes,6,192.168.2.1
    # domain-name
    dhcp-option=tag:nodes,15,internal

Important
Replace the IP addresses for the subnet, netmask, router, DNS server, and the domain name based on your setup.
Configure the static entries. For each physical host, append an entry like the following to /etc/dnsmasq.d/dhcp.conf.

    dhcp-host=set:nodes,aa:8c:dc:40:33:e1,192.168.2.51,node1,infinite

Important
Replace the MAC address, IP address, hostname and lease time based on your setup. Note this mapping, as you will later need the IP address of each host in order to connect to it.
Optional
Configure the dynamic DHCP range. Append the following snippet to /etc/dnsmasq.d/dhcp.conf.

    dhcp-range=set:nodes,192.168.200.0,192.168.200.250,1h

Important
Replace the IP range based on your setup.
Restart the service:
root@host:~# service dnsmasq restart
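
An added example, not part of the original guide or of dnsmasq: a check to run on the dhcp.conf built in the steps above before restarting, flagging duplicate MAC, IP or hostname entries and static addresses that fall outside the static range or inside the dynamic one. The function name `audit_dhcp_conf`, its `netmask` parameter and the sample config are assumptions for illustration; only the `dhcp-range` and `dhcp-host` forms shown in this guide are parsed.

```python
import ipaddress
import re
MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")

def audit_dhcp_conf(text, netmask="255.255.255.0"):
    """Check dhcp-range/dhcp-host lines (only the forms shown in this guide)."""
    static_nets, dynamic, hosts, findings = [], [], [], []
    for n, raw in enumerate(text.splitlines(), 1):
        key, _, value = raw.split("#", 1)[0].strip().partition("=")
        # Drop set:/tag: fields so positions match "<mac>,<ip>,<hostname>,<lease>".
        f = [x for x in value.split(",") if not x.startswith(("set:", "tag:"))]
        if key == "dhcp-range" and len(f) >= 2 and f[1] == "static":
            static_nets.append(ipaddress.ip_network(f"{f[0]}/{netmask}", strict=False))
        elif key == "dhcp-range" and len(f) >= 2:
            dynamic.append((ipaddress.ip_address(f[0]), ipaddress.ip_address(f[1])))
        elif key == "dhcp-host" and len(f) >= 3:
            hosts.append((n, f[0].lower(), f[1], f[2].lower()))
    seen = {}
    for n, mac, ip_text, name in hosts:
        if not MAC_RE.match(mac):
            findings.append(f"line {n}: malformed MAC {mac}")
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append(f"line {n}: malformed IP {ip_text}")
            continue
        if not any(ip in net for net in static_nets):
            findings.append(f"line {n}: {ip} is outside every static dhcp-range")
        if any(lo <= ip <= hi for lo, hi in dynamic):
            findings.append(f"line {n}: {ip} falls inside a dynamic dhcp-range")
        for kind, val in (("MAC", mac), ("IP", str(ip)), ("hostname", name)):
            first = seen.setdefault((kind, val), n)
            if first != n:
                findings.append(f"line {n}: duplicate {kind} {val} (first on line {first})")
    return findings

# Constructed sample: the guide's example values plus deliberately broken entries.
SAMPLE = """\
dhcp-range=set:nodes,192.168.2.0,static
dhcp-range=set:nodes,192.168.200.0,192.168.200.250,1h
dhcp-host=set:nodes,aa:8c:dc:40:33:e1,192.168.2.51,node1,infinite
dhcp-host=set:nodes,aa:8c:dc:40:33:e2,192.168.2.51,node2,infinite
dhcp-host=set:nodes,aa:8c:dc:40:33:e1,192.168.2.53,node3,infinite
dhcp-host=set:nodes,aa:8c:dc:40:33:g4,192.168.200.20,node4,infinite
"""

if __name__ == "__main__":
    print("\n".join(audit_dhcp_conf(SAMPLE)) or "no findings")
```

Pass the netmask you set with DHCP option 1 if it differs from the default used here.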
Verify
Go to your bootstrap host and install the necessary packages, if you don’t have them already on your system:

    root@host:~# apt-get update
    root@host:~# apt-get install -y nmap

Note
For version 7.40 (Debian stretch), patch /usr/share/nmap/nselib/dhcp.lua as pointed out in https://github.com/nmap/nmap/issues/1909#issuecomment-583109074.

Test the DHCP service:

    root@host:~# nmap --script broadcast-dhcp-discover
    Pre-scan script results:
    | broadcast-dhcp-discover:
    |   Response 1 of 1:
    |     IP Offered: 192.168.2.200
    |     DHCP Message Type: DHCPOFFER
    |     Server Identifier: 192.168.2.2
    |     IP Address Lease Time: 2m00s
    |     Renewal Time Value: 1m00s
    |     Rebinding Time Value: 1m45s
    |     Broadcast Address: 192.168.2.255
    |     Subnet Mask: 255.255.255.0
    |     Domain Name Server: 192.168.2.3
    |     Domain Name: internal
    |_    Router: 192.168.2.1

Note
In older nmap versions the script uses a static MAC address. As such, you will get a DHCPOFFER from the dynamic range. Use nmap 7.80 and pass --script-args mac=aa:8c:dc:40:33:e1 to test the static DHCP range (see also https://github.com/nmap/nmap/issues/1838).
Summary
You have successfully configured your DHCP server.