DHCP is a network protocol that allows devices on a network to find and connect to servers that provide DNS services. DHCP clients use DHCP servers to find and connect to networks, and DHCP servers use DNS to resolve hostnames into IP addresses. DHCP is used by most computers on the network, but it can also be used by routers and other devices on the network. To configure a local DHCP server, you first need to understand how DHCP works. Then you can create a configuration file for your local DHCP server. DHCP is used in two ways: when clients want to find a server that provides DNS services, and when routers want to resolve hostnames into IP addresses. When clients want to find a server that provides DNS services, they send an inquiry request (IRE) through their network interface (NIC) asking for information about available servers. The NIC then sends back an answer (DNS response) with information about the available servers. When routers want to resolve hostnames into IP addresses, they look up the hostname in the configuration file of an available server and use that information in place of the client’s original hostname when resolving IREs from clients. To configure your local DHCP server, you first need to understand how DHCP works. Next, you can create a configuration file for your localDHCPserver using one of several formats: text/plain; text/xml; or application/xml. You can also use one of several tools for creating configuration files: dnsmasq; dhcpcd; or dhcpcd -i /etc/resolvconf -p 8192 -c /etc/dhcpd/dhcpd-client-configuration
DHCP (Dynamic Host Configuration Protocol) is the process by which network devices acquire IP addresses. Your network’s DHCP server is responsible for assigning each new device a unique address. Addresses can be static or dynamic, the latter meaning they’re issued on a short lease basis so each device’s IP may change over time.
The router acts as the DHCP server in most small networks. Setting up Dnsmasq on a Linux box gives you control over the process, as well as improved visibility into any errors that occur.
Preparing Dnsmasq
Dnsmasq is included with most Linux distributions. You can usually add the dnsmasq package if it’s not present on yours. The standard config file is located at /etc/dnsmasq.conf; you may also add files to the /etc/dnsmasq.d directory if you want to keep your settings separate to the defaults.
Dnsmasq usually listens on all your network interfaces. If you want to use a specific interface, set this now by adding or uncommenting the following line in your config file:
DNS server functionality is enabled by default. You can turn it off by changing the port to 0:
Dnsmasq is now ready to operate in DCHP-only mode.
Configuring Your DHCP Server
The DHCP server is activated by specifying a DHCP IP address range:
This example instructs Dnsmasq to offer IP addresses between 192.168.0.101 and 192.168.0.150 in the 255.255.255.0 subnet. Issued IPs will have a lease lifetime of six hours, after which clients will need to request a renewed lease.
You should alter the above parameters to suit your network’s requirements. It’s advisable to adjust the DHCP range so it excludes any IP addresses you plan to statically assign to devices. This will ensure a device receiving dynamic leases can never be issued a “reserved” address.
Used like this, your Dnsmasq server will become the default gateway on your devices when they receive an IP address. If you’re not setting up DNS too, you should change this so Dnsmasq stops offering itself as a gateway.
Change the IP address to that of your router. Your devices will now be able to use the router as normal after they’ve acquired an IP address from Dnsmasq.
Setting Up Static IPs
You can set up static IP addresses within the Dnsmasq config file. This lets you centralize your IP reservations, instead of scattering them across networking files on individual devices.
To assign a static IP, use the dhcp-host instruction. This takes a MAC address and a hostname and IP to assign:
Here the device with MAC ab:cd:ef:12:34:56 is given the hostname example-host and a fixed IP of 192.168.0.10. The lease duration is set to infinite to ensure no renewal is needed and the IP will never change.
To set up additional static IPs, simply repeat the dhcp-host instruction as many times as you need. At minimum, consider adding an explicit DHCP host for your router so you can reliably access it with a fixed IP. This should match the value you assigned in the dhcp-option line above.
You can load host information from a separate file or directory with the –dhcp-hostsfile and –dhcp-hostsdir options. In the case of a directory, Dnsmasq will automatically load new changes without needing to be restarted.
Using Your DHCP Server
Once you’re done setting up Dnsmasq, test its configuration to make sure your changes are valid:
Next restart the Dnsmasq service to apply your changes:
Disable your router’s built-in DHCP server. Then set your router or your client devices to use your Dnsmasq server’s IP for DHCP. The steps will vary by router manufacturer so refer to your device’s documentation if you get lost.
Now your instance is operational as your network’s DHCP server, you should be able to force an IP address renewal on your devices to receive a lease from Dnsmasq. Either restart the networking service, systemctl restart networking, or use ifdown and ifup to drop and reestablish your connection.
Dnsmasq records issued IP addresses in its leases file. You can inspect this file to see active devices on your network and check IPs are being leased correctly:
If you encounter errors, view the Dnsmasq service logs to see what’s wrong:
Authoritative Mode
A challenge you might have when introducing your server to an existing network is devices timing out when renewing their IPs. Each client will send its previous IP to the DHCP server, enabling the same IP to be issued if it’s still available. In the case of a fresh Dnsmasq instance, it will have no record of the existing client/IP pair so the request will be ignored.
The client will eventually timeout and submit a new request, this time asking for any available IP address. The second request will succeed but the timeout window can be quite long, potentially causing a noticeable delay during startup or networking stack initialization.
Adding this line to your config file solves this problem if Dnsmasq will be the only DHCP server in your network:
Authoritative mode instructs Dnsmasq to accept requests from clients even if they claim to have previously held an IP it has no record of. The client will still be admitted to the network and granted an IP, removing the need to make two requests separated by a lengthy timeout.
Adjusting Other Settings
A few other settings are worthy of mention:
Dnsmasq usually hashes each client’s MAC address to determine the IP they receive. This means clients generally receive the same IP address each time they connect, even if no static host has been configured. Setting the dhcp-sequential-id option means Dnsmasq will issue IPs in sequential numerical order instead, starting from the beginning of your specified IP range.
This setting controls how many concurrent leases Dnsmasq will issue. The default is 1000. If you’re on a small network, consider decreasing this value to protect Dnsmasq from denial-of-service attacks. Compromised hosts could send malicious DHCP requests to create thousands of redundant leases.
Change the port numbers used for DHCP servers and clients. The default ports are 67 and 68; these should not normally be changed unless your network infrastructure requires it.
Change the file path used to store DHCP lease information. It defaults to /var/lib/misc/dnsmasq.leases.
Summary
Dnsmasq is easy to set up as a simple DHCP server for your local network. It can operate alongside or independently of the software’s DNS functionality.
Despite being an intentionally lightweight server, Dnsmasq supports many different config options to facilitate more complex installations. You can use these to set up DHCP relays and proxies, adjust Dnsmasq’s conformance to the DHCP specification, and add custom scripts that will be executed when leases are created and destroyed. These facilities let you quickly evolve an experimental Dnsmasq instance into a hardened one more suitable for production-grade use in larger networks.