DHCP: What’s behind the Dynamic Host Con­fig­ur­a­tion Protocol

These days, con­nect­ing devices to an existing TCP/IP network is really quite easy: you used to have to manually (and tediously) assign IP addresses by hand and then enter them into the various systems. This address man­age­ment now takes place auto­mat­ic­ally. The Dynamic Host Con­fig­ur­a­tion Protocol (DHCP) makes it possible for com­mu­nic­a­tion hardware (such as routers, hubs, or switches) to auto­mat­ic­ally assign an in­di­vidu­al address to con­nec­tion-seeking devices and integrate them into a network.

The Dynamic Host Con­fig­ur­a­tion Protocol is an extension of the Bootstrap Protocol (BOOTP) developed in 1985 that connects simple devices like terminals and work­sta­tions that don’t have a hard drive with a boot server. These devices then access your operating system over the server. DHCP was developed as a solution for larger networks and portable computers. It com­ple­ments BOOTP and others with the ability to auto­mat­ic­ally assign reusable network addresses as well as ad­di­tion­al con­fig­ur­a­tion options. After the first defin­i­tions of the protocol in the RFCs 1531 and 1541 (both 1993), the final standard spe­cific­a­tion was made official in 1997 in the RFC 2131. The Internet Assigned Numbers Authority (IANA) assigned UDP ports 67 and 68 (for IPv6: ports 546 and 547) to the com­mu­nic­a­tion protocol, which are also assigned for the Bootstrap Protocol.

Address as­sign­ment with DHCP operates according to the Client/Server principle: the con­nec­tion-seeking device requests an IP address con­fig­ur­a­tion from a DHCP server, which in turn accesses a database from which the network para­met­ers that need to be set are acquired. Among other things, this server, which is part of any modern DSL router, can assign the following settings to the client using its database in­form­a­tion:

• Unique IP address
• Subnet mask
• Standard gateway
• DNS server
• Proxy con­fig­ur­a­tion such as WPAD (Web Proxy Auto-Discovery Protocol)
  

Automatic address as­sign­ment via the Dynamic Host Con­fig­ur­a­tion Protocol proceeds in four con­sec­ut­ive steps:

1. To begin, send the client a DH­CP­DIS­COV­ER package with the target address 255.255.255.255 and the source address 0.0.0.0. With this so-called broadcast, all network users are contacted to locate available DHCP servers and inform them of the address request. Ideally, there’s only a single server so that there are no com­plic­a­tions with the as­sign­ment.
2. The broadcast answers all of the contacted DHCP servers that are listening on port 67 and waiting for cor­res­pond­ing requests with a DHCPOFFER package. In addition to a possible free IP address and the MAC address of the client, this also contains the subnet mask as well as the IP address and ID of the server.
3. The DHCP client chooses from the address data the one it wants and informs the desired server by means of a DH­C­PRE­QUEST. All other servers will also receive this message, even though they know that the choice has been made in favour of another provider. The client also asks the server for the ac­tiv­a­tion of the data that is being offered. In addition, the DH­C­PRE­QUEST is used to confirm the pre­vi­ously received para­met­ers.
4. Finally, the server confirms the TCP/IP para­met­ers and transmits them back to the client using a DHCPACK package (DHCP ac­know­ledged). This contains ad­di­tion­al in­form­a­tion — for example, about the DNS, SMTP, or POP3 server. The DHCP client now locally saves all of the data that was received and connects to the network. If the server is no longer available or the IP has been assigned to another client during the con­fig­ur­a­tion process, it responds with DHCPNAK (DHCP not ac­know­ledged).

The auto­mat­ic­ally given address is saved in com­bin­a­tion with the MAC address in the server’s database, at which time the con­fig­ur­a­tion is made permanent. The device always connects to the network with the assigned IP address, which is blocked for other clients. But this has the dis­ad­vant­age that new DHCP clients don’t receive an address if the entire address range has already been assigned — even if some of the IPs aren’t actively used anymore. Es­sen­tially, this is why dynamic IPs and some in cases, manual as­sign­ment via DHCP server, both of which will be discussed in the next section, are more wide­spread.

The problem of en­coun­ter­ing a com­pletely occupied address range is rather unlikely when using dynamic address as­sign­ment. In principle, this method largely resembles automatic as­sign­ment, but there is a small, subtle dif­fer­ence: The IP con­fig­ur­a­tions trans­mit­ted by the DHCP server aren’t valid in­def­in­itely, they come instead with an ad­min­is­trat­or-defined lease. This specifies how long the device can access the network with the re­spect­ive IP address. Before this time window expires, standard clients have to request an extension by sending another DH­C­PRE­QUEST package. If this doesn’t happen, then there is no so-called DHCP refresh and the server makes the address in question available again.

While ad­min­is­trat­ors don’t have much to do with either the automatic or the dynamic as­sign­ment options, the situation is com­pletely different with manual ad­dress­ing. With this method, which is also referred to as static DHCP, the available IP addresses are assigned manually to specific MAC addresses by means of the DHCP server. There is no re­stric­tion on the validity period.

Because of the increased effort in the ad­min­is­tra­tion, which defeats the purpose of the Dynamic Host Con­fig­ur­a­tion Protocol, this type of as­sign­ment only makes sense for very small ap­plic­a­tion scenarios. For example, static IPs are necessary if server services are hosted on the computer in question and computer is also available to other network users at any time. It’s important for port for­ward­ing that the IP address remains unchanged as well.

In order for the IP addresses assigned by the clients to be given their fully qualified names in the domain, a DNS server needs to provide name res­ol­u­tion. If a pre­vi­ously entered address or host name is changed, the name server needs an update. With the con­stantly changing IP addresses that come from dynamic as­sign­ment via a DHCP server. Manual im­ple­ment­a­tion would be very time-consuming for the ad­min­is­trat­or of the network, as well as for the user who wants to connect to the internet with their devices at home. But thanks to DHCP servers, neither has to deal with the updates necessary for dynamic al­loc­a­tion, since the servers take care of the in­form­a­tion exchange and update the DNS server as soon as a new IP address has been assigned.

One weakness of the Dynamic Host Con­fig­ur­a­tion Protocol is that it’s fairly easy to ma­nip­u­late: Since the client contacts all potential DHCP servers, it is possible, for example, for attackers to bring their own provider into play if you have access to that network. One such “rogue” DHCP server tries to be faster than the actual server with its response to the con­nec­tion request of the client. If suc­cess­ful, it can then transmit ma­nip­u­lated or unusable para­met­ers. To do this, it can start a denial-of-service attack on the network, for example, by not trans­mit­ting a gateway, assigning a subnet to each client, or re­spond­ing to all requests with the same IP address. A more dramatic scenario would be the attempt to use a false gateway and false DNS in­form­a­tion to inject a foreign router that cuts off or even redirects the data traffic of the client. One such man-in-the-middle attack aims — as opposed to the first type of attack — not to crash the network, but to access sensitive data like bank data, passwords, or address in­form­a­tion. Re­gard­less of the type of attack, strangers need direct access to your network to abuse the DHCP protocol for their purposes. If you take the necessary safety pre­cau­tions, you can take advantage of the benefits of the com­mu­nic­a­tion protocol with having to fear such attacks. To be re­spons­ible for a larger local network, the complete pro­tec­tion from external and internal attack attempts as well as the constant mon­it­or­ing of all network process with tools like Nagios should already be part of your routine. In IONOS’s guide on the topic of Wi-Fi security, you can read more about which pos­sib­il­it­ies there are for pro­tect­ing your wireless networks.

If you want to join a local or wireless network with your device, you usually access the Dynamic Host Con­fig­ur­a­tion Protocol auto­mat­ic­ally without having to make any changes to the network settings. Computers with Microsoft Windows operating systems, for example, have long been pre-set to act as DHCP clients who auto­mat­ic­ally obtain their IP addresses. By default, this uses the dynamic as­sign­ment style, in which the con­fig­ur­a­tions have to be extended regularly or are assigned again after expiring. In local networks, using the cor­res­pond­ing DHCP server settings, the automatic as­sign­ment of fixed address in­form­a­tion can also be used.

If you would like to test the current settings of the address as­sign­ment or disable DHCP and switch to a manual option, you can do so with the steps described below — the one condition is that you have to have ad­min­is­trat­or rights.

• If you intend to disable DHCP, you should always give a fixed IP address and a subnet mask (default 255.255.255.0) in this step. You define the potential address range for the IP in the settings of the DHCP server, which you can request, for example, via the user interface of your router, since it acts as a server. There, you can also switch off the DHCP server and the address as­sign­ment via the protocol.

• To disable DHCP, it’s again necessary to enter the cor­res­pond­ing settings in the server you’re using.

• To disable DHCP on Windows 10, you have to access the interface of your DHCP server and enter the cor­res­pond­ing settings there.