DHCPD
DHCPD (Dynamic Host Configuration Protocol Daemon) is the server component of the Internet Systems Consortium's (ISC) open-source ISC DHCP software, which implements the DHCP network protocol for automatically assigning IP addresses and other configuration parameters to client devices on TCP/IP networks.[1] Developed to simplify network administration by eliminating the need for manual IP address configuration, DHCPD responds to client requests by allocating addresses from predefined pools and providing details such as subnet masks, default gateways, and DNS server information.[2]
The ISC DHCP project, including DHCPD, originated in the late 1990s as an effort to provide a robust, standards-compliant implementation of DHCP following the protocol's initial standardization in RFC 1531 in October 1993.[3] The first release of the ISC DHCP server occurred in December 1997, authored by Ted Lemon and Vixie Enterprises for ISC, with subsequent versions in June 1999 adding client and relay agent capabilities to create a full DHCP suite.[4][5] Over time, the software incorporated support for DHCPv6 to handle IPv6 address assignment, debuting in version 4.0 released in December 2007, aligning with RFC 3315 for IPv6-specific extensions.[6]
DHCPD's core functionality is managed through the dhcpd.conf configuration file, which defines subnets, IP address pools, lease durations, and options like vendor-specific parameters or boot file names for PXE booting.[7] It records active leases in a log-structured dhcpd.leases file to prevent address conflicts and support features such as lease renewal and release.[8] Advanced capabilities include dynamic DNS (DDNS) updates to synchronize IP assignments with DNS records, failover mechanisms for redundant servers to ensure high availability, and relay agent support for forwarding DHCP messages across network segments.[7] These features made DHCPD a staple in enterprise and Linux-based environments, including distributions from Red Hat, Ubuntu, and Debian.[9][10]
Despite its widespread adoption, ISC declared the end-of-life (EOL) for the ISC DHCP distribution, including DHCPD, in October 2022, with maintenance ceasing by December 2022 after the final releases of versions 4.4.3-P1 and 4.1-ESV-R16-P2.[4] The decision stemmed from resource constraints and the need to focus on modern requirements, leading ISC to develop Kea as the successor DHCP server, which offers improved modularity, JSON-based configuration, and ongoing enhancements for both DHCPv4 and DHCPv6.[11] As of November 2025, ISC DHCP continues to be distributed and maintained with backported security fixes by major operating system vendors, including Red Hat, Ubuntu, and Debian, though users are still encouraged to migrate to Kea for official upstream support.[12][13][14][15][1]
Introduction
Definition and Purpose
DHCPD, or the DHCP daemon, is an open-source software implementation developed by the Internet Systems Consortium (ISC) that serves as a background process for providing Dynamic Host Configuration Protocol (DHCP) server functionality on Unix-like systems.[2] As a daemon, it runs continuously in the background, listening for and responding to client requests without direct user intervention, making it suitable for automated network environments.[2]
The primary purpose of DHCPD is to dynamically assign IP addresses, subnet masks, default gateways, DNS server addresses, and other essential network parameters to client devices on a local area network (LAN), thereby simplifying network administration by eliminating the need for manual configuration of each device.[2][16] This automation reduces administrative overhead, minimizes errors from static assignments, and supports scalable deployment in environments ranging from small offices to large enterprises.[16] By managing these assignments through temporary leases, DHCPD ensures efficient use of the available IP address pool while maintaining network stability.[2]
For DHCPv4, DHCPD operates using the User Datagram Protocol (UDP), listening on port 67 as the server port and communicating with clients on port 68; for DHCPv6, it listens on UDP port 547 as the server/relay port while clients use port 546.[2][16][17] This positions it as the authoritative source for lease information and configuration within the network. In a typical interaction, when a client broadcasts a DHCPDISCOVER message to locate available servers, DHCPD responds with a DHCPOFFER packet that includes proposed lease details, such as the IP address and lease duration, initiating the lease negotiation process.[2][16] This implementation adheres to the DHCP protocol standards, enabling seamless integration with diverse client hardware and operating systems.[16]
Relation to DHCP Protocol
DHCPD, developed by the Internet Systems Consortium (ISC), serves as a reference implementation of the Dynamic Host Configuration Protocol (DHCP) standards, ensuring compatibility with core protocol specifications for automated network configuration. It adheres to RFC 2131, which defines DHCP for IPv4 networks, enabling the server to dynamically assign IPv4 addresses, subnets, and related parameters to clients on local networks.[2] Similarly, DHCPD supports RFC 3315 for DHCPv6, facilitating IPv6 address assignment and configuration options such as prefixes and delegated prefixes to IPv6-enabled devices, thus providing dual-stack interoperability in modern networks.[3][17]
As the server-side component of the DHCP protocol, DHCPD participates in the foundational DORA process—Discover, Offer, Request, and Acknowledge—to negotiate and manage IP address leases with clients. In this sequence, DHCPD responds to a client's DHCPDISCOVER broadcast with a DHCPOFFER containing available address options, processes the client's DHCPREQUEST to confirm selection, and finalizes the lease via DHCPACK, ensuring reliable address allocation without manual intervention.[2] This implementation aligns precisely with the protocol's client-server messaging model, promoting seamless integration across diverse network environments.
DHCPD fully supports standard DHCP options as outlined in the protocol specifications, allowing administrators to convey essential network details to clients. For instance, it handles option 3 to specify default routers (gateways) and option 6 to provide Domain Name System (DNS) server addresses, enhancing client connectivity and name resolution.[18] Additionally, through its configuration file, DHCPD enables vendor-specific extensions, permitting customized options for specialized deployments.[7]
Although the DHCP protocol itself is designed to be implementation-agnostic, DHCPD incorporates ISC-specific enhancements that extend functionality while maintaining standards compliance. These include built-in support for failover protocols between multiple DHCP servers to ensure high availability during lease management, as well as dynamic DNS (DDNS) updates compliant with RFC 2136 for automatic registration of client hostnames in DNS zones.[2][7] Such features bolster the protocol's robustness in enterprise settings without deviating from core interoperability requirements.
History and Development
Origins and Initial Releases
The development of DHCPD, the open-source Dynamic Host Configuration Protocol (DHCP) server, began in 1995 under the Internet Systems Consortium (ISC), with the first code commit by primary developer Ted Lemon on November 29, 1995, at the suggestion of Paul Vixie to complement ISC's BIND 8 DNS software.[19][4] By 1996, Lemon had become active in the IETF Dynamic Host Configuration Working Group (DHCWG), contributing to the evolution of the DHCP protocol as defined in RFC 2131, which built on earlier BOOTP limitations.[20] This effort was part of ISC's broader mission to maintain reference implementations of key internet protocols, providing free, open-source tools for network administrators.[21]
Early prototypes and beta versions emerged in 1996, with patches and diffs documented in ISC's FTP archives, reflecting iterative testing on Unix-like systems to automate IP address assignment amid the rapid expansion of TCP/IP networks in the late 1990s.[22] The first public distribution of ISC DHCP, including the server component, was released in December 1997, followed by the official version 1.0 in June 1998.[4][3]
Version 2.0, released in June 1999, marked a significant initial milestone by introducing a DHCP client and relay agent alongside the server, motivated by the need to address static IP configuration challenges in growing enterprise environments where manual management became impractical.[3][4] These early releases focused primarily on Unix-like operating systems, enabling dynamic lease allocation to streamline network operations without proprietary dependencies.[3]
Evolution of Versions
The ISC DHCP server, commonly known as DHCPD, underwent significant evolution through its major version series, with the 3.x branch spanning from 2001 to 2012 and focusing on enhanced reliability and management features, while the 4.x series, from 2007 to 2022, emphasized IPv6 integration and ongoing security hardening.[4][3]
The 3.x series, beginning with version 3.0 released in October 2001, introduced critical advancements such as support for the DHCP failover protocol, which enabled redundant server configurations to prevent single points of failure in IP address assignment, and the integration of OMAPI (Open Management API) in version 3.0 for remote administration and state querying of the DHCP server and client.[4][23][24] This series continued with releases like 3.1-ESV (Extended Support Version) in 2010, providing long-term stability patches until its end-of-support in 2012, addressing issues such as memory leaks in OMAPI usage.[25][26]
Transitioning to the 4.x series, version 4.0 in December 2007 marked the initial addition of full DHCPv6 support, including server, client, and relay agent functionality for IPv6 address management, with subsequent releases like 4.1 in 2008 and beyond refining DHCPv6 operations through improved prefix delegation and stateful addressing to better align with IETF standards.[3][27] The 4.1-ESV branch, launched for extended stability in enterprise environments, received maintenance up to its final patch, 4.1-ESV-R16-P2 in October 2022, which included fixes for buffer overruns in lease parsing among other security updates.[4][28] The series culminated in the overall final release, 4.4.3-P1, on October 5, 2022, incorporating security patches for vulnerabilities like denial-of-service issues in packet handling.[4][29]
Key enhancements across versions included the license transition to the Mozilla Public License (MPL) 2.0 starting with 4.4.0 in 2018 and formalized in 4.4.1, improving compatibility for redistribution and modification while maintaining open-source principles.[30][31] Throughout its lifecycle, ISC issued regular security advisories, addressing over 20 Common Vulnerabilities and Exposures (CVEs), primarily focused on buffer overflows—such as those in log handling (CVE-2004-0460) and DHCPv6 responses (CVE-2012-3570)—and denial-of-service vectors in client and server components, ensuring robustness against remote exploitation attempts.[32][33][28]
Technical Architecture
Core Components
The ISC DHCP server, commonly known as dhcpd, is structured around three primary components that form the foundation of its operation: the dhcpd binary as the main executable, the dhcpd.conf configuration file, and the dhcpd.leases file as the persistent lease database.[2][7][8] The dhcpd binary implements the core server functionality, handling incoming DHCP requests and responses in accordance with the protocol's state transitions, such as DISCOVER, OFFER, REQUEST, and ACK.[2] It operates as a daemon that, by default, forks into the background to detach from the controlling terminal, ensuring continuous operation unless explicitly configured otherwise with the -f flag.[2]
At its heart, dhcpd employs a single-process daemon model, where the main process listens for incoming UDP broadcasts on port 67, processes client requests through an internal state machine that manages protocol interactions, and responds accordingly.[2] This architecture integrates with system libraries, such as those for socket programming and networking (e.g., BSD sockets via libc), to handle packet reception, parsing, and transmission without relying on specialized DHCP libraries.[2] Upon receiving a request, the state machine evaluates the client's needs against the loaded configuration, selects an appropriate IP address from available pools if applicable, and updates the lease database atomically to prevent corruption—typically by writing changes to a temporary file before renaming it to the main leases file.[2][8]
The dhcpd.conf file serves as the central repository for server parameters, including subnet declarations, IP address ranges, and option definitions that guide lease assignments and client configurations.[7] Loaded at startup or reload, it dictates the server's behavior across networks, ensuring consistency in how requests are fulfilled. Meanwhile, dhcpd.leases maintains a record of all active and expired leases in a structured text format, preserving state across server restarts and enabling recovery of ongoing assignments.[8]
For reliability, dhcpd incorporates robust error handling by logging issues, warnings, and informational messages to syslog, facilitating diagnostics in production environments.[2] Signal management further enhances operational control; for instance, sending a SIGHUP signal triggers the daemon to reread the configuration file without interrupting service, allowing seamless updates to dhcpd.conf.[2] This combination of components and mechanisms ensures dhcpd's efficiency in managing dynamic IP allocations in diverse network settings.
Lease Management System
The lease management system in DHCPD relies on a text-based file named dhcpd.leases to store and maintain a persistent database of assigned IP addresses. This file uses a log-structured format, appending new or updated lease declarations at the end without rewriting existing entries, which ensures efficient updates and minimizes corruption risks. Each lease entry is enclosed in curly braces and includes key details such as the assigned IP address, the client's MAC address via the hardware ethernet field, lease duration implied by start and end timestamps (e.g., starts 1 2023/10/10 12:00:00; ends 1 2023/10/11 12:00:00;), and additional metadata like client hostname if provided. To support atomic updates, DHCPD writes changes to a temporary file before renaming it to dhcpd.leases, creating a backup copy suffixed with ~ (e.g., dhcpd.leases~) for recovery in case of interruptions.[8]
IP address renewal and expiration in DHCPD follow the standard DHCP protocol, where clients initiate renewal at 50% of the lease duration (T1 timer) by sending a unicast DHCPREQUEST to the allocating server, and rebind at 87.5% (T2 timer) via broadcast if renewal fails. The server identifies the requesting client primarily through the chaddr field in the DHCP message, which contains the client's hardware (MAC) address, enabling accurate lease matching and extension via a DHCPACK response that updates the end timestamp in the lease file. Expired leases are automatically reclaimed after the end time passes, freeing the IP for reallocation, while active leases persist until explicitly released or renewed.[34]
DHCPD employs pool-based allocation to manage IP addresses dynamically from subnets defined in the configuration file, where each subnet or shared-network block contains one or more pool statements specifying a range of addresses (e.g., range 192.168.1.100 192.168.1.200;) for general distribution. Reservations for static mappings are handled via host declarations that associate a specific client's hardware address with a fixed-address IP within or outside the pool, ensuring the address is reserved exclusively for that MAC upon request. This mechanism prevents conflicts by checking the lease database before assigning addresses from the pool.[7]
Lease persistence is a core feature, allowing DHCPD to retain active leases across server restarts by loading the dhcpd.leases file upon startup, avoiding disruptions to connected clients. In failover configurations with paired servers, lease synchronization occurs in real-time, with the primary server updating the secondary's database to maintain identical lease states; this uses the DHCP failover protocol (as defined in the Internet-Draft draft-ietf-dhc-failover) for load balancing and consistency during partner failures or restarts.[8][35][36]
Features
Basic DHCP Services
The ISC DHCP daemon (DHCPD) provides core Dynamic Host Configuration Protocol (DHCP) services to automate network configuration for clients on IPv4 networks. At its foundation, DHCPD supports automatic assignment of IP addresses from predefined pools within subnet declarations, ensuring clients receive unique addresses without manual intervention. This process follows the DHCP protocol as defined in RFC 2131, where the server responds to client DISCOVER messages with an OFFER containing an available IP address.[34] Alongside IP assignment, DHCPD provisions essential parameters such as the subnet mask via DHCP option 1 and the default gateway (router) via option 3, enabling clients to join the network and route traffic appropriately.[34] These services form the baseline for dynamic addressing in local area networks, reducing administrative overhead in environments with numerous devices.[2]
To accommodate legacy systems, DHCPD includes compatibility with the Bootstrap Protocol (BOOTP), as specified in RFC 951, allowing it to serve BOOTP clients alongside modern DHCP ones in mixed environments. BOOTP clients, which lack the lease renewal mechanisms of DHCP, are explicitly declared in the configuration and receive fixed addresses without dynamic leasing. This backward compatibility ensures seamless operation for older diskless workstations or embedded devices that rely on BOOTP for initial bootloading, without requiring separate servers.[2]
DHCPD handles both broadcast and unicast traffic to support client-server interactions across local and relayed networks. Broadcast messages, such as DHCPDISCOVER and DHCPOFFER, are used for initial address requests on the local subnet, while unicast is employed for renewals once a client has an assigned address.[34] For scenarios spanning multiple subnets, DHCPD integrates with relay agents that forward requests, including support for the Relay Agent Information option (option 82) per RFC 3046, which embeds subnet-specific details to inform accurate address allocation.[37] This relay capability extends basic services beyond broadcast domains, facilitating centralized DHCPD deployment in routed networks.[18]
Lease management in DHCPD, which underpins these services, allows configurable durations per address pool to balance resource reuse and stability; for dynamic addresses, default lease times are 43200 seconds (12 hours), though this can be adjusted based on network needs.[38] The lease system tracks assignments in memory and on disk, preventing conflicts while enabling automatic reclamation of expired addresses.[39]
Advanced Capabilities
ISC DHCPD extends its core IP address assignment functionality through several advanced features that enhance remote management, integration with other network services, and reliability in complex environments.
The Object Management Application Programming Interface (OMAPI) provides a remote programming layer for controlling and querying the DHCP server's state, allowing administrators to interact with objects such as leases and hosts over a network connection.[40] OMAPI enables operations like adding, updating, or deleting leases and host records without direct access to the server, supporting scripted automation for dynamic network management.[40] The omshell command-line client facilitates these interactions by establishing a secure TCP/IP connection to the server, where users can issue commands to retrieve lease details or modify configurations in real time.[41]
Dynamic DNS (DDNS) updates allow ISC DHCPD to automatically register or modify DNS records in conjunction with IP lease assignments, integrating seamlessly with ISC BIND to maintain consistent hostname-to-IP mappings.[42] This feature complies with RFC 4702, which defines the DHCP client Fully Qualified Domain Name (FQDN) option for negotiating update responsibilities between clients and servers, using flags to specify whether the server should update A records, PTR records, or both.[43] By gathering client identifiers like DUIDs and FQDNs during lease processes, the server verifies ownership via DHCID resource records and performs updates to BIND, ensuring automatic resolution without manual intervention.[42]
The failover protocol enables peer-to-peer coordination between two DHCP servers to share a common address pool, providing high availability by allowing seamless lease handoff during failures.[35] In this setup, a primary and secondary server synchronize lease databases in real time using a proprietary protocol, with each typically managing about half the available addresses to avoid conflicts.[44] If the primary server becomes unavailable, the secondary enters a partner-down state, reclaims unallocated addresses over a maximum client lead time (MCLT), and continues serving clients without interruption, thereby minimizing downtime in production networks.[35]
Vendor class options support device-specific configurations by allowing the server to identify and tailor responses based on client-provided vendor information, enhancing customization for diverse hardware.[45] The vendor-class-identifier option (code 60, per RFC 2132) carries a string that matches against server-defined classes, enabling selective assignment of parameters like boot files or TFTP servers.[45] For example, PXE clients identify themselves with "PXEClient" in this option, prompting the server to provide next-server and bootfile-name options for network booting and automated installations.[45]
Configuration and Operation
Configuration Files and Syntax
The primary configuration file for the ISC DHCP server daemon, known as dhcpd, is typically located at /etc/dhcp/dhcpd.conf on Unix-like systems, where administrators define the server's behavior, including network scopes, address pools, and client-specific options.[7] This file employs a hierarchical, declarative syntax that structures configurations into blocks enclosed in curly braces { }, allowing nested definitions for logical organization.[7]
The syntax distinguishes between declarations, which establish scopes such as subnet, pool, host, and shared-network; parameters, which set global or scoped values like default-lease-time 3600;; and expressions, which enable conditional logic for dynamic responses, such as if statements to match client attributes.[7] For instance, a basic subnet declaration might appear as follows:
[subnet](/page/Subnet) 192.168.1.0 netmask 255.255.255.0 {
[range](/page/Range) 192.168.1.100 192.168.1.200;
option routers 192.168.1.1;
}
[subnet](/page/Subnet) 192.168.1.0 netmask 255.255.255.0 {
[range](/page/Range) 192.168.1.100 192.168.1.200;
option routers 192.168.1.1;
}
This block defines an address range for dynamic allocation and specifies a default gateway option for clients within that subnet.[7]
The shared-network declaration groups multiple subnets sharing the same physical network, facilitating address pool management across them, as in shared-network localnet { [subnet](/page/Subnet) 10.0.0.0 netmask 255.255.0.0 { ... } [subnet](/page/Subnet) 192.168.0.0 netmask 255.255.255.0 { ... } }.[7] Host-specific reservations use the host declaration with fixed-[address](/page/Address) to bind a static IP to a client's hardware address, for example: host client1 { [hardware](/page/Hardware) ethernet 00:11:22:33:44:55; fixed-[address](/page/Address) 192.168.1.10; }.[7] Options, defined via the option keyword, customize DHCP responses, such as option domain-name-servers 8.8.8.8, 8.8.4.4;.[7]
Expressions add flexibility, allowing configurations like if (option dhcp-client-identifier) { fixed-address 192.168.1.50; } to conditionally assign addresses based on client attributes.[7] For modular setups, the include directive incorporates external files, e.g., include "/etc/dhcp/subnets.conf";, enabling segmented management of complex configurations.[7] All statements end with a semicolon, and comments use the # symbol, ensuring readability in larger deployments.[7]
Starting and Managing the Daemon
The ISC DHCP server daemon, dhcpd, is typically launched from the command line by invoking dhcpd followed by one or more network interface names, such as dhcpd eth0, which binds the daemon to the specified interfaces and requires root privileges to operate.[2] For foreground execution and debugging, the -f flag prevents the process from daemonizing and forking into the background, while the -d flag directs log output to standard error instead of syslog, allowing real-time monitoring of startup and operational messages.[39] On modern Linux distributions using systemd, such as Ubuntu, the daemon is managed as a service named isc-dhcp-server.service, started with sudo systemctl start isc-dhcp-server.service, and can be enabled for boot-time activation via sudo systemctl enable isc-dhcp-server.service.[14]
Once running, the daemon can be managed through Unix signals sent to its process ID, stored in /var/run/dhcpd.pid. Sending a SIGHUP signal prompts dhcpd to reread its configuration file without restarting, facilitating updates to lease policies or address pools during operation.[2] For a graceful shutdown, a SIGTERM (signal 15) is issued, after which the daemon can be restarted by reinvoking the dhcpd command or, in systemd environments, using sudo systemctl restart isc-dhcp-server.service.[39] Log monitoring is primarily handled through the syslog facility, with default messages logged under the LOG_DAEMON priority to /var/log/syslog on many systems, enabling administrators to track lease assignments, errors, and server events using tools like tail -f /var/log/syslog | grep dhcpd.[39]
Troubleshooting often begins with configuration and lease file validation using command-line flags before full startup. The -t option tests the syntax of the dhcpd.conf file without binding to any network interfaces, while -T performs a similar syntax check on the dhcpd.leases file, writing results to a temporary output without altering the original.[39] Interface binding is achieved by passing interface names directly as arguments (e.g., dhcpd -f -d eth0), ensuring the daemon listens only on specified devices to avoid unintended broadcasts.[2] For dual-stack environments, the -6 flag enables DHCPv6 mode, allowing the daemon to handle IPv6 address assignments alongside IPv4 via separate invocations or configurations.[39] A frequent operational error is "no free leases," which occurs when all addresses in a configured pool are exhausted or unclaimed due to expired leases not being reclaimed promptly, resolvable by expanding the pool range in the configuration or monitoring lease file growth.[46]
Supported Operating Systems
The ISC DHCP server, developed by the Internet Systems Consortium (ISC), is designed primarily for Unix-like operating systems, where it has been widely deployed since its inception. It supports a range of platforms including Linux distributions, various BSD variants, Solaris, and macOS, allowing administrators to configure it as a DHCP server, relay, or client for both IPv4 and IPv6 networks.[47][1]
On Linux, ISC DHCP is compatible with all major distributions such as Ubuntu, Debian, Red Hat Enterprise Linux, and Fedora, where pre-built packages are available through standard repositories like APT or YUM, facilitating easy integration into server environments.[14][48] For BSD systems, it runs on FreeBSD, NetBSD, and OpenBSD, often installed via ports collections or packages, with full support for their native networking stacks. Solaris (including Oracle Solaris) and macOS, typically requiring building from source or installation via third-party package managers such as Homebrew or MacPorts, as official pre-built packages are not provided.[49][50]
Compatibility across these platforms is achieved through standard build processes, such as using the autotools-based ./configure && make sequence for compilation from source tarballs, ensuring portability on Unix-like kernels. Pre-built binaries are commonly found in distribution repositories—for instance, via apt install isc-dhcp-server on Ubuntu or ports on BSD systems—while source builds handle custom configurations or older hardware. There is no official native support for Microsoft Windows, though unofficial ports exist via Cygwin, allowing limited functionality in a POSIX emulation environment; however, ISC recommends against production use on Windows due to stability concerns.[47][51][1]
IPv6 support, including DHCPv6 server, client, and relay capabilities, has been fully integrated on these Unix-like systems since version 4.0, released in 2007, enabling dual-stack deployments without platform-specific modifications. Resource requirements remain minimal, with the server typically consuming under 10 MB of RAM for small networks (up to a few hundred clients) and scaling efficiently to thousands of clients on modest hardware, such as systems with 128 MB RAM or more, depending on lease file size and traffic volume.[3][48][52] This lightweight footprint ties into straightforward installation methods across supported platforms, as detailed in subsequent deployment guides.[53]
Installation Methods
The ISC DHCP server (dhcpd) can be installed on supported Unix-like operating systems primarily through distribution package managers or by compiling from source code provided by the Internet Systems Consortium (ISC). Package-based installation is recommended for most users as it handles dependencies and integrates with system services automatically.[1]
On Debian-based distributions like Debian and Ubuntu, use the Advanced Package Tool (APT) to install the server package:
sudo apt update
sudo apt install isc-dhcp-server
sudo apt update
sudo apt install isc-dhcp-server
This command retrieves and installs the isc-dhcp-server package from the distribution repositories, including the dhcpd binary and default configuration files.[54][10]
For Red Hat-based systems such as Red Hat Enterprise Linux (RHEL), CentOS, or Fedora, the package is available via Yellowdog Updater, Modified (YUM) on older releases or DNF on newer ones. On RHEL 7 and compatible systems, execute:
sudo yum install dhcp
sudo yum install dhcp
On RHEL 8 and later or Fedora:
sudo dnf install dhcp-server
sudo dnf install dhcp-server
These commands install the DHCP server components, including dhcpd, and place configuration files in /etc/dhcp/.[55][56]
To install from source, first download the latest release tarball (e.g., version 4.4.3-P1, the final maintenance release) from the ISC download archives at https://downloads.isc.org/isc/dhcp/. Unpack the archive using:
gunzip dhcp-4.4.3-P1.tar.gz
[tar](/page/Tar) xvf dhcp-4.4.3-P1.tar
[cd](/page/.cd) dhcp-4.4.3-P1
gunzip dhcp-4.4.3-P1.tar.gz
[tar](/page/Tar) xvf dhcp-4.4.3-P1.tar
[cd](/page/.cd) dhcp-4.4.3-P1
Prepare the build environment if needed by running autoreconf -i for libtool support, then configure the build with options such as --enable-dhcpv6 to include IPv6 support:
./configure --enable-dhcpv6
./configure --enable-dhcpv6
Compile and install with:
make
sudo make install
make
sudo make install
This process requires standard development tools like GCC and Make, and optionally BIND libraries for dynamic DNS features. The binaries will be installed to /usr/local/sbin/ by default.[57][58]
Post-installation steps vary by distribution but often include setting up service files and permissions. On Debian-based systems, edit or create /etc/default/isc-dhcp-server to define listening interfaces, for example:
INTERFACESv4="eth0"
INTERFACESv4="eth0"
Additionally, ensure lease database files are writable by the server process; create the directory if necessary and set ownership:
sudo mkdir -p /var/lib/dhcp
sudo touch /var/lib/dhcp/dhcpd.[lease](/page/Lease)s
sudo [chown](/page/Chown) dhcpd:dhcpd /var/lib/dhcp/dhcpd.leases
sudo mkdir -p /var/lib/dhcp
sudo touch /var/lib/dhcp/dhcpd.[lease](/page/Lease)s
sudo [chown](/page/Chown) dhcpd:dhcpd /var/lib/dhcp/dhcpd.leases
The dhcpd user and group are created by the package installation; manual creation may be needed for source builds.[54][59]
To confirm the installation, invoke the version flag:
This outputs the compiled version and build details, such as "isc-dhcpd-4.4.3-P1".[2]
End-of-Life and Transition
EOL Announcement and Reasons
The Internet Systems Consortium (ISC) officially announced the end-of-life (EOL) for its DHCP server software, known as ISC DHCP or DHCPD, in 2022, with the final maintenance releases occurring on October 5, 2022.[4] These releases, versions 4.4.3-P1 and 4.1-ESV-R16-P2, marked the conclusion of all updates, bug fixes, and security patches from ISC, though the organization noted a potential exception for any significant new security vulnerabilities discovered post-EOL.[4] As of September 2025, ISC confirms all versions of ISC DHCP are EOL with no further support, though some operating system packagers may still distribute it without ISC-provided updates.[47] Prior to this, ISC had indicated plans to cease maintenance by the end of 2022, aligning with the broader discontinuation of active development.[47]
The primary reasons for discontinuing ISC DHCP centered on the aging codebase, which originated in the 1990s and had become increasingly difficult to maintain and modify without introducing risks.[4] The software's mature but monolithic design lacked modern testability features, leading to fewer changes over recent years due to the high potential for unintended consequences in updates.[4] Additionally, ISC shifted its development resources toward Kea, a more modular and actively maintained successor initiated in 2015, to better address evolving network needs and improve long-term sustainability.[4] This transition reflected broader resource allocation priorities at ISC following the software's decades of service.
A key aspect of ISC DHCP's longevity was its Extended Support Version (ESV) branch, such as 4.1-ESV, which provided long-term stability and security updates for enterprise users until its EOL in 2022.[47] However, the absence of new features and the accumulating maintenance challenges ultimately rendered continued support unsustainable.[4] The EOL has significant implications for users, who are strongly advised by ISC to migrate to alternative solutions, as any vulnerabilities identified after October 2022—for instance, issues like the refcount overflow in lease queries (CVE-2022-2928) that were addressed in the final release—would receive no further patches, potentially exposing networks to unmitigated risks.[4][60]
Migration to Successor Software
Kea serves as the designated successor to the ISC DHCP server (commonly referred to as DHCPD), developed by the Internet Systems Consortium (ISC) as a modern, modular replacement released in September 2014.[11] Designed to address limitations in the legacy software, such as scalability and configuration flexibility, Kea uses JSON-based configuration files and supports advanced features like high availability and dynamic DNS updates, with significant feature enhancements reaching broader compatibility by version 2.0 in early 2022. As of June 2025, Kea released version 3.0 as its first Long-Term Support (LTS) version, providing three years of maintenance for enhanced stability in production environments.[61] Following the end-of-life announcement for ISC DHCP in 2022, organizations are encouraged to transition to Kea to maintain security and support. As of 2025, major platforms such as pfSense and OPNsense have integrated Kea, aiding widespread adoption.[62][63]
The migration process begins with exporting active leases from the ISC DHCP database, which can be accomplished using the omshell utility to query and dump lease data or through custom scripts tailored to the deployment's lease file format.[64] These leases must then be converted into Kea's supported formats, such as CSV or directly into a backend database, using tools like the KeaMA Leases utility provided by ISC.[65] Next, the dhcpd.conf configuration file is translated to Kea's JSON structure via the isc-dhcp-to-kea tool or the comprehensive Kea Migration Assistant (KeaMA), which automates much of the syntax mapping but requires manual review for complex options like subclassing or vendor-specific data.[64] Administrators should consult ISC's official Kea migration guide for detailed syntax mappings and common pitfalls.[66]
Handling differences in data storage is a key consideration, particularly when shifting from ISC DHCP's flat-file lease storage to Kea's versatile backends, such as memfile (for simplicity), MySQL, PostgreSQL, or Cassandra for high-volume environments. For instance, leases can be imported into a MySQL database using Kea's built-in loader scripts after schema setup, enabling seamless querying and persistence. Testing the migrated setup in parallel with the running ISC DHCP instance—by configuring Kea to serve a separate subnet or VLAN—allows validation of address assignments, option delivery, and failover behavior without disrupting production traffic.[67]
Kea's RESTful API provides a significant advantage during transition, enabling runtime configuration updates and lease manipulations without full restarts, which minimizes downtime compared to ISC DHCP's reload mechanisms.[68] For large networks, a phased rollout is recommended: start with non-critical segments, monitor lease migrations and client renewals over several days, then progressively expand to core subnets while maintaining ISC DHCP as a fallback until full cutover.[67] This approach, detailed in ISC's documentation, ensures reliability and facilitates rollback if issues arise.[64]
Comparisons and Alternatives
ISC DHCP vs. Kea
ISC DHCP, the original daemon developed by the Internet Systems Consortium (ISC), features a monolithic architecture written primarily in C, utilizing a single configuration file (dhcpd.conf) for both DHCPv4 and limited DHCPv6 operations.[1] In contrast, Kea employs a modular design implemented in C++, with separate daemons for DHCPv4, DHCPv6, and Dynamic DNS (DDNS), configured via JSON files that enable easier parsing and dynamic updates.[11] This modularity in Kea is further enhanced by its hooks framework, which allows loading dynamically linked libraries to extend functionality at specific processing points, such as custom lease management or client classification, without recompiling the core server.[69]
Both implementations support key features like failover protocols and DDNS updates, but their approaches differ significantly. ISC DHCP relies on a protocol-based failover mechanism for DHCPv4, synchronizing states between primary and secondary servers, while Kea uses a hooks-based High Availability (HA) library that supports both DHCPv4 and DHCPv6, often leveraging shared databases for lease replication in active-passive or load-balanced setups.[70] Kea introduces high-performance database integrations via hooks libraries, such as libdhcp_pgsql.so for PostgreSQL backends, enabling scalable storage of leases, hosts, and configurations that outperform file-based systems in large environments.[69] Additionally, Kea provides more robust IPv6 support through its dedicated DHCPv6 server, including prefix delegation and full compliance with modern standards, whereas ISC DHCP offers only basic DHCPv6 capabilities.[67] ISC DHCP maintains an edge in handling legacy BOOTP clients through its native compatibility with RFC 951, though Kea addresses this via an optional BOOTP hooks library for RFC 1497 queries.[71]
Performance-wise, Kea's multi-threaded architecture delivers much higher throughput on modern hardware compared to ISC DHCP's single-threaded model, particularly in high-volume scenarios with short lease times, as demonstrated in ISC's internal benchmarks.[67] For instance, Kea facilitates easier scaling through online reconfiguration via a REST API, avoiding the need for server restarts that are common with ISC DHCP's signal-based reloads.[11]
A notable shift in licensing occurs with Kea, which adopts the Mozilla Public License 2.0 (MPL 2.0)—a file-level copyleft license that permits commercial forks and modifications while requiring source disclosure for changed files—compared to ISC DHCP's more permissive ISC license (similar to the 2-clause BSD).[72] This change in Kea supports broader commercial adaptations. Migration from ISC DHCP to Kea is aided by the Kea Migration Assistant (KeaMA) tool, which automates much of the configuration translation from dhcpd.conf to JSON, though users must relearn the API for advanced hooks and management.[67]
Comparison with Other DHCP Servers
ISC DHCPD, the server component of the ISC DHCP implementation, distinguishes itself through its open-source nature and robust feature set tailored for mid-sized to large deployments, but it lacks a graphical user interface and relies on text-based configuration files secured primarily through file permissions.[2] In contrast, Microsoft DHCP, integrated into Windows Server, emphasizes enterprise integration with a GUI-driven management console and role-based access control for security, making it suitable for Active Directory environments.[73] dnsmasq offers a lightweight alternative optimized for small to medium networks, such as embedded systems or home routers, with simple configuration and low resource usage, though it lacks native failover support.[74] Cisco IOS DHCP, embedded within network hardware like routers and switches, provides device-integrated address assignment without requiring separate servers, but its capabilities are constrained to the hardware's processing limits and do not include built-in failover.[75]
A key strength of DHCPD is its failover protocol, which enables load balancing and redundancy between two servers managing the same address pool, enhancing reliability in high-availability setups.[35] This contrasts with dnsmasq's emphasis on simplicity, where configuration occurs via a single file with straightforward options, ideal for environments with fewer than 1,000 clients but without equivalent redundancy features.[74] Microsoft DHCP supports failover through protocol-based replication or split scopes, integrated with Windows clustering for scalability in large enterprises.[73] Cisco IOS DHCP achieves redundancy by deploying multiple non-overlapping pools across devices rather than true failover, suiting hardware-centric network designs.[75]
All modern implementations, including DHCPD, support IPv6 via DHCPv6 for stateful address assignment and prefix delegation, ensuring compatibility with dual-stack networks.[2] DHCPD was the default DHCP server in major Linux distributions such as Ubuntu (as of 24.04) and earlier versions of Red Hat Enterprise Linux (up to RHEL 9), contributing to its widespread adoption in open-source server environments. As of Red Hat Enterprise Linux 10 (released May 2024), Kea has replaced ISC DHCP as the default.[10][76][15]
| Criterion | ISC DHCPD | Microsoft DHCP | dnsmasq | Cisco IOS DHCP |
|---|
| Open-source | Yes[1] | No[73] | Yes[74] | No[75] |
| Scalability | Mid-to-large (high-volume, high-reliability) | Enterprise (multiple scopes, AD integration)[73] | Small-to-medium (up to 1,000 leases default)[74] | Device-bound (pools limited by hardware)[75] |
| IPv6 Support | Yes (DHCPv6, prefix delegation)[2] | Yes (stateful/stateless)[73] | Yes (DHCPv6, RA, prefix delegation)[74] | Yes (DHCPv6 in modern IOS)[75] |
| Failover | Yes (protocol-based, load balancing)[35] | Yes (replication, split scopes)[73] | No (manual redundancy required)[74] | No (multiple servers with non-overlapping pools)[75] |
| GUI | No (text config)[2] | Yes (Server Manager, DHCP console)[73] | No (config file)[74] | CLI/Web (device-dependent)[75] |
| Security Model | File permissions, network controls[2] | Role-based access, AD authorization[73] | File permissions, lease limits[74] | Device ACLs, authentication[75] |