DHCP

fanoflq · 11-06-2016, 07:43 AM

I came across this:

https://kb.iu.edu/d/adov

Excerpts at bottom page, "Note":

Quote:

At Indiana University, UITS prohibits individuals and departments from setting up local DHCP servers on the IU network. Almost all wireless access points, many wired Ethernet routers, and computers running Internet Connection Sharing have built-in DHCP servers. While this makes configuration of a small network easier, it can cause problems when the DHCP servers are used in larger networks. Client computers configured to use DHCP for IP assignment do not need statically assigned IP addresses. In addition, they generally do not need to have addresses configured for DNS servers or WINS servers, as these are also set by the DHCP server. For more, see What are the DHCP operational policies at IU?

For the underlined sentence above, what problems can a
built-in DHCP server cause when used in a large network?

On CentOS7:

Quote:

$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.1.1
search Home

"nameserver 127.0.1.1" would mean DNS is 127.0.1.1, correct?
If so, why is DNS on local host?

AlucardZero · 11-06-2016, 11:31 AM

> what problems can a built-in DHCP server cause when used in a large network?
A rogue DHCP server will cause problems such as another device's network not working at all.

> If so, why is DNS on local host?
A local DNS server that is forwarding requests, such as dsnmasq or bind, is in use, likely for caching.

fanoflq · 11-06-2016, 11:47 AM

Quote:

Originally Posted by AlucardZero

> what problems can a built-in DHCP server cause when used in a large network?
A rogue DHCP server will cause problems such as another device's network not working at all.

Can you be more specific?
Thank you.

AlucardZero · 11-06-2016, 02:32 PM

If a device gets an IP from the rogue DHCP server instead of the properly configured site DHCP server, it's quite likely that the device won't be able to get to the Internet.

fanoflq · 11-06-2016, 02:36 PM

Thanks.

I wonder what else could built-in DHCP server cause.

sundialsvcs · 11-07-2016, 06:55 AM

It's really much the same thing that will happen if a "second" DHCP server is running anywhere, even in your own home or office network.

The problem is, simply, that when any newly-powered-on computer broadcasts, asking for an IP-address that it can use, it needs to hear from only one DHCP server, and from it receive the correct answer.

If more-than-one computer might "answer," it's unpredictable which one the new computer will hear from first, since that's the only reply that it will react to. If the answer comes from a computer that doesn't have the right answer ... that doesn't have a complete and accurate list of addresses that have been assigned and to whom they have been assigned ... very-unpredictable outcomes may occur including IP-address conflicts.

The University's policy is quite ordinary, and quite necessary for any (and every) TCP/IP subnet that offers DHCP.