A DHCP server is used to automatically assign IP addresses to devices on a network. This article outlines the minimum steps to be performed on CentOS to set up a DHCP server.
This assumes that you have freshly installed a machine from the CentOS 7 ISO image and that the machine has been assigned a static IP address. I have attached two disks to this virtual machine. Disk 1 will be used for the operating system. Disk 2 will be used later on for setting up local CentOS repositories.
Based on the recommendations of the CIS benchmarking standards, I have allocated space to the file systems according to the following scheme.
Disk 1 of 80GB

Filesystem | Size |
---|---|
/ | 20 GB |
swap | 4 GB |
/boot | 1 GB |
/tmp | 8 GB |
/home | 15 GB |
/var | 15 GB |
/var/log | 14 GB |
/var/log/audit | 8 GB |

Disk 2 of 60GB

Filesystem | Size |
---|---|
/var/www/ | 60 GB |
Install and enable the EPEL repository, which provides packages for testing the DHCP server as well as monitoring tools like htop.
yum install epel-release -y
Update the system via yum. This will take some time if you are using an older ISO image.
yum update -y
Once the update is complete we can reboot the system; however, I would make changes at this point to disable SELinux.
sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
Reboot the system
reboot
Install a few helper tools. These are optional but help with quickly finding files and with command completion.
yum install bash-completion mlocate -y && updatedb
source /etc/profile.d/bash_completion.sh
Install the DHCP package via yum.
yum install dhcp.x86_64 -y
Enable the required firewall access for the dhcp service.
firewall-cmd --add-service=dhcp --permanent
Reload the firewall to allow incoming dhcp traffic.
firewall-cmd --reload
You can check the allowed ports and services with the following command.
firewall-cmd --list-all
Enable the dhcp service at startup.
systemctl enable dhcpd.service
Copy/paste the following lines to set up a sample configuration for the DHCP server. This configuration only hands out addresses to clients whose MAC addresses are listed, and each listed client is given a static IP address, i.e. whenever a device with a listed MAC address asks for an IP it always receives the same one.
cat > /etc/dhcp/dhcpd.conf <<EOF
#------------------------------------------------------
authoritative;
default-lease-time 600;
max-lease-time 7200;
option domain-name-servers 8.8.8.8, 8.8.4.4;
option domain-name "induslevel.com";
option ntp-servers lhr-ntp1.induslevel.com,lhr-ntp2.induslevel.com;
subnet 172.16.99.0 netmask 255.255.255.0 {
    option broadcast-address 172.16.99.255;
    option routers 172.16.99.1;
    filename "/pxelinux.0";
    pool {
        range 172.16.99.150 172.16.99.230;
    }
    group {
        next-server lhr-pxe1.induslevel.com;
        host tclient110 {
            hardware ethernet 00:0c:29:d3:a1:d1;
            fixed-address 172.16.99.110;
            option host-name "tclient110.induslevel.local";
        }
        host tclient120 {
            hardware ethernet 00:21:cc:6c:2e:42;
            fixed-address 172.16.99.120;
            option host-name "tclient120.induslevel.local";
        }
    }
}
deny unknown-clients;
EOF
Start the dhcp service and check its status.
systemctl start dhcpd.service && systemctl status dhcpd.service
The following is a brief description of the statements used in dhcpd.conf.
Statement | Description |
---|---|
authoritative | This indicates that the DHCP server should send DHCPNAK messages to mis-configured clients |
default-lease-time | The time variable is the length in seconds that will be assigned to a lease if the client requesting the lease does not ask for a specific expiration time |
max-lease-time | The time variable is the maximum time in seconds that will be assigned to a lease |
option domain-name-servers | DNS servers available to the client |
option domain-name | The domain name that the client should use when resolving DNS hostnames |
option ntp-servers | Lists the IP addresses/hostnames of NTP servers available to the client |
subnet | A subnet declaration is required for each subnet, even if no addresses will be dynamically allocated on that subnet |
option broadcast-address | The broadcast address in use on the client’s subnet |
option routers | IP addresses for routers on the client’s subnet i.e. default gateway of the client |
filename | The name of the initial boot file that is to be loaded by a client (used for booting from network) |
pool | Pool used for defining a range of IP addresses |
range | The range statement specifies the IP addresses that may be allocated to clients within a defined scope |
group | The group scope may include individual hosts, shared networks, subnets, or even other groups |
next-server | It specifies the host address of the server from which the initial boot file is to be loaded |
host | The host keyword signifies that any following statements are to be applied to a unique host machine on the network |
hardware ethernet | MAC address of the client |
fixed-address | This statement assigns one or more fixed IP addresses to a client |
option host-name | The client’s name |
deny unknown-clients | This flag tells dhcpd not to dynamically assign addresses to unknown clients. |
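Beyond `dhcpd -t`, which only checks syntax, it is worth checking that the host declarations and the dynamic range in a configuration like the one above do not contradict each other. The following added example (not part of the article, and not ISC dhcpd code) parses a dhcpd.conf in that layout and reports a fixed-address placed inside the dynamic pool, a MAC or address declared twice, a fixed-address outside every declared subnet, and a dynamic range left open because `deny unknown-clients` is missing. The sample configuration embedded in it is constructed; the host `tclient130` and its MAC `00:0c:29:aa:bb:cc` are made up and deliberately placed inside the pool so the checker has something to find.

```python
"""Consistency checker for a dhcpd.conf laid out like the one in the article.

Added example; it is not the article's code and not part of ISC dhcpd. It catches
the mistakes that `dhcpd -t` (syntax only) does not.
"""
import ipaddress
import re

# Constructed sample config in the article's layout. tclient130 is deliberately
# given 172.16.99.160, which sits inside the dynamic range, so there is a finding.
SAMPLE_CONF = """
authoritative;
subnet 172.16.99.0 netmask 255.255.255.0 {
    option routers 172.16.99.1;
    pool {
        range 172.16.99.150 172.16.99.230;
    }
    group {
        host tclient110 {
            hardware ethernet 00:0c:29:d3:a1:d1;
            fixed-address 172.16.99.110;
        }
        host tclient130 {
            hardware ethernet 00:0c:29:aa:bb:cc;
            fixed-address 172.16.99.160;
        }
    }
}
deny unknown-clients;
"""

SUBNET_RE = re.compile(r"\bsubnet\s+(\S+)\s+netmask\s+(\S+)\s*\{")
RANGE_RE = re.compile(r"\brange\s+(?:dynamic-bootp\s+)?([\d.]+)\s+([\d.]+)\s*;")
# A host body never contains nested braces, so [^{}]* is enough to capture it.
HOST_RE = re.compile(r"\bhost\s+(\S+)\s*\{([^{}]*)\}", re.S)
MAC_RE = re.compile(r"\bhardware\s+ethernet\s+([0-9a-fA-F:]+)\s*;")
FIXED_RE = re.compile(r"\bfixed-address\s+([^;\s]+)\s*;")
DENY_RE = re.compile(r"\bdeny\s+unknown-clients\s*;")


def parse_conf(text):
    """Return (subnets, ranges, hosts) extracted from a dhcpd.conf string."""
    subnets = [ipaddress.ip_network(f"{net}/{mask}", strict=False)
               for net, mask in SUBNET_RE.findall(text)]
    ranges = [(ipaddress.ip_address(lo), ipaddress.ip_address(hi))
              for lo, hi in RANGE_RE.findall(text)]
    hosts = []
    for name, body in HOST_RE.findall(text):
        mac = MAC_RE.search(body)
        fixed = FIXED_RE.search(body)
        hosts.append({
            "name": name,
            "mac": mac.group(1).lower() if mac else None,
            "fixed": fixed.group(1) if fixed else None,
        })
    return subnets, ranges, hosts


def check_conf(text):
    """Return a list of findings; an empty list means the config is consistent."""
    subnets, ranges, hosts = parse_conf(text)
    findings = []
    seen_mac, seen_ip = {}, {}
    for h in hosts:
        name, mac, fixed = h["name"], h["mac"], h["fixed"]
        if mac is None or fixed is None:
            findings.append(f"{name}: missing 'hardware ethernet' or 'fixed-address'")
            continue
        if mac in seen_mac:
            findings.append(f"{name}: MAC {mac} already declared for {seen_mac[mac]}")
        seen_mac.setdefault(mac, name)
        if fixed in seen_ip:
            findings.append(f"{name}: address {fixed} already declared for {seen_ip[fixed]}")
        seen_ip.setdefault(fixed, name)
        try:
            addr = ipaddress.ip_address(fixed)
        except ValueError:
            # dhcpd also accepts a hostname here; resolution is outside this check.
            findings.append(f"{name}: fixed-address {fixed!r} is a hostname, not checked")
            continue
        if subnets and not any(addr in s for s in subnets):
            findings.append(f"{name}: {addr} is outside every declared subnet")
        for lo, hi in ranges:
            if lo <= addr <= hi:
                findings.append(f"{name}: fixed address {addr} lies inside dynamic range {lo}-{hi}")
    if ranges and not DENY_RE.search(text):
        findings.append("dynamic range declared without 'deny unknown-clients': any MAC can obtain a lease")
    return findings


if __name__ == "__main__":
    for line in check_conf(SAMPLE_CONF) or ["no findings"]:
        print(line)
```

To run it against the real file, replace `SAMPLE_CONF` with `open("/etc/dhcp/dhcpd.conf").read()`. The overlap check matters because a host given a fixed-address inside the pool can collide with a dynamic lease handed to another client.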
To check whether the DHCP server is assigning IPs correctly, you can use the Nagios check_dhcp plugin available in the EPEL repo.
yum install nagios-plugins-dhcp.x86_64 -y
If the DHCP server has the IP address 172.16.99.254, use the following command.
/usr/lib64/nagios/plugins/check_dhcp -i ens192 -m 00:0c:29:d3:a1:d1 -s 172.16.99.254
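check_dhcp confirms that one listed MAC gets an offer; the server's own journal (`journalctl -u dhcpd`) shows what every client on the segment received. The following added example (not part of the article, not Nagios or ISC dhcpd code) reads dhcpd log lines, records which MAC was acknowledged which address, counts DISCOVERs refused with "no free leases" (the form dhcpd logs for a MAC it will not serve), and flags a listed MAC that was acknowledged an address other than its fixed-address. The log lines embedded in it are constructed in dhcpd's log format: host `dhcp1`, the unlisted MAC `52:54:00:12:34:56`, and the final ACK handing tclient120 a pool address are all made up so that both checks report something.

```python
"""Review dhcpd journal output against the host allowlist from dhcpd.conf.

Added example; not the article's code and not part of ISC dhcpd or Nagios.
"""
import re

# Allowlist of MAC -> fixed-address, as declared in the article's dhcpd.conf.
ALLOWED = {
    "00:0c:29:d3:a1:d1": "172.16.99.110",
    "00:21:cc:6c:2e:42": "172.16.99.120",
}

# Constructed sample log lines in the format ISC dhcpd writes to syslog/journald.
# The last ACK is a deliberate mismatch (tclient120 handed a pool address) so the
# drift check has something to report; 52:54:00:12:34:56 is an unlisted MAC.
SAMPLE_LOG = """\
Mar 03 10:01:02 dhcp1 dhcpd[1234]: DHCPDISCOVER from 00:0c:29:d3:a1:d1 via ens192
Mar 03 10:01:02 dhcp1 dhcpd[1234]: DHCPOFFER on 172.16.99.110 to 00:0c:29:d3:a1:d1 (tclient110) via ens192
Mar 03 10:01:03 dhcp1 dhcpd[1234]: DHCPREQUEST for 172.16.99.110 (172.16.99.254) from 00:0c:29:d3:a1:d1 (tclient110) via ens192
Mar 03 10:01:03 dhcp1 dhcpd[1234]: DHCPACK on 172.16.99.110 to 00:0c:29:d3:a1:d1 (tclient110) via ens192
Mar 03 10:05:17 dhcp1 dhcpd[1234]: DHCPDISCOVER from 52:54:00:12:34:56 via ens192: network 172.16.99.0/24: no free leases
Mar 03 10:05:21 dhcp1 dhcpd[1234]: DHCPDISCOVER from 52:54:00:12:34:56 via ens192: network 172.16.99.0/24: no free leases
Mar 03 10:09:40 dhcp1 dhcpd[1234]: DHCPACK on 172.16.99.155 to 00:21:cc:6c:2e:42 (tclient120) via ens192
"""

MAC = r"([0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})"
# Group 3 captures whatever follows the interface, e.g. ": network ...: no free leases".
DISCOVER_RE = re.compile(r"DHCPDISCOVER from " + MAC + r" via (\S+?)(:.*)?$")
ACK_RE = re.compile(r"DHCPACK on ([\d.]+) to " + MAC)


def summarize(lines, allowed):
    """Return {'acked': {mac: ip}, 'refused': {mac: count}, 'mismatch': [(mac, got, expected)]}."""
    acked, refused, mismatch = {}, {}, []
    for line in lines:
        m = DISCOVER_RE.search(line)
        if m:
            mac, tail = m.group(1).lower(), m.group(3) or ""
            if "no free leases" in tail:
                refused[mac] = refused.get(mac, 0) + 1
            continue
        m = ACK_RE.search(line)
        if m:
            ip, mac = m.group(1), m.group(2).lower()
            acked[mac] = ip
            if mac in allowed and allowed[mac] != ip:
                mismatch.append((mac, ip, allowed[mac]))
    return {"acked": acked, "refused": refused, "mismatch": mismatch}


def report(lines, allowed):
    """Render the summary as one line per item worth a look."""
    s = summarize(lines, allowed)
    out = []
    for mac, n in sorted(s["refused"].items()):
        tag = "listed" if mac in allowed else "UNLISTED"
        out.append(f"{mac} ({tag}): {n} DISCOVER(s) refused with no free leases")
    for mac, got, want in s["mismatch"]:
        out.append(f"{mac}: acknowledged {got}, dhcpd.conf says fixed-address {want}")
    return out


if __name__ == "__main__":
    for line in report(SAMPLE_LOG.splitlines(), ALLOWED) or ["nothing to report"]:
        print(line)
```

On a live server feed it the output of `journalctl -u dhcpd --no-pager` via `sys.stdin`. Repeated refusals from one unlisted MAC are the expected effect of `deny unknown-clients` and also the first sign of a device on the segment that nobody registered; an ACK that disagrees with the fixed-address means the running config is not the one you think it is.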
In the next article, we will configure a TFTP server, which will provide the initial boot files to network-connected computers for unattended operating system installation and hardening.
Great job.