How to Install and Configure a DHCP Server on Rocky Linux
When a user plugs in an ethernet cable or joins a wifi network, they expect to be connected and online right away. Other than typing in a wifi password, they shouldn’t have to do anything like managing IP addresses or DNS server addresses.
The automatic configuration of your clients’ network interface is done with DHCP (Dynamic Host Configuration Protocol). As an administrator, you want to provide streamlined connectivity while exerting as much (or as little) behind-the-scenes control as possible. You can do that via routers or other network equipment, but you’re often limited to whatever those devices expose. To really get the most out of your DHCP setup, you’ll want to run your own dedicated server.
Using Rocky Linux for this task will get you more security than using a router with firmware that may or may not get updated. On top of that, your server will probably be more powerful than a network device, so the chances of there being resource-based problems will be minimized.
Let’s walk through deploying DHCP on Rocky Linux. It’s easy, fun, and free. (If only there was more of that in the world, right?)
What you'll need for your DHCP server
To deploy a DHCP server, you'll need the following:
- A running, up-to-date instance of Rocky Linux
- A user with sudo privileges
- A network connection
- Information about your network (such as default gateway and DNS server addresses)
Keep in mind that you must ensure that the configuration of this DHCP server doesn't conflict with any other machine serving the same purpose. For example, you might have a router configured to hand out DHCP addresses in the range 192.168.1.100 through 192.168.1.200. If that's the case, you don't want to configure Rocky Linux to serve up IP addresses within that same range.
Installing dhcp-server with dnf
Rocky Linux uses dnf
for package management, so install the DHCP server software with the command:
sudo dnf install dhcp-server -y
The installation shouldn't take much time at all (it’s less than 4MB). When it finishes, it's time to move on to the configuration.
Configuring your DHCP server
Your DHCP requires some configuration before it can do anything useful. In these next sections, we’re going to identify the network interface, subnet and subnet mask, default gateway, and a few other things. Ready to get your hands dirty?
Determine the correct network interface
Before we configure the DHCP server, you need to locate the name of the network interface you’ll be using. If you’ve done network stuff on Linux before, you might have used ifconfig
but, as of Rocky Linux 8, that’s no longer used. Instead we’re going to use the ip
command. You can learn more about network configuration in Rocky Linux from the official docs.
To gather your network interface info, issue the command:
ip address
The output of the above command should look something like this:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 08:00:27:3b:16:a3 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.183/24 brd 192.168.1.255 scope global dynamic noprefixroute enp0s3
Entries for each network interface are followed by a colon. In this example, there are two interface entries (“1:” and “2:”) followed by the names of the interfaces themselves (“lo” and “enp0s3”). You might have more than 2 entries. What you're looking for is the name of the network interface that is capable of reaching the targeted LAN (so not the LOOPBACK device). In the case above, we’re going to use the interface named enps0s3.
Determine the subnet, subnet mask, and IP ranges
One of the more obscure pieces of information you’ll need to derive from this output is the “subnet” and “subnet mask,” which identifies which part of your IP address identifies the network. 192.168.1.183/24 in our example is CIDR notation, and translates to a subnet of 192.168.1.0 and subnet mask of 255.255.255.0. If your suffix is something other than /24, you can use IP Calculator / IP Subnetting to calculate the subnet and subnet mask for your network.
You should also check your routing table to determine your “default gateway.” (The default gateway serves as an intermediary for the targeted LAN and the rest of the network or internet.) To get this information, use the command:
ip route
The output of this command should look something like this:
default via 192.168.1.1 dev enp0s3 proto dhcp src 192.168.1.183 metric 100
192.168.1.0/24 dev enp0s3 proto kernel scope link src 192.168.1.183 metric 100
Here, the “default gateway” is “192.168.1.1.”
Update your dhcpd.conf file
Next, we’re going to use sudo
to open and edit the DHCP configuration file /etc/dhcp/dhcpd.conf
.
In this file, we’ll define the DHCP settings to include an IP address range, subnet mask, default gateway, and DNS server. Let's say that you're working with the following information:
- 192.168.1.x network address scheme
- Required DHCP range - 192.168.1.10 to 192.168.1.100
- Subnet/subnet mask - 192.168.1.0/255.255.255.0
- Default gateway - 192.168.1.1
- DNS server - 1.0.0.1 (a public DNS service provided by Cloudflare)
You might want to configure a default lease time of 24 hours and a max lease of 48 hours. That information is configured in seconds, which converts to a default-lease-time of 86400 and a max-lease-time of 172800.
For the above configuration, the file would look like this:
default-lease-time 2592000;
max-lease-time 3888000;
authoritative;
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.10 192.168.1.100;
option routers 192.168.1.1;
option subnet-mask 255.255.255.0;
option domain-name-servers 1.0.0.1;
}
We use authoritative
to tell the DHCP server that this is the authority for the network it serves. From the dhcp.conf man page, we learn the following about the authoritative statement:
The DHCP server will normally assume that the configuration information about a given network segment is not known to be correct and is not authoritative. This is so that if a naive user installs a DHCP server not fully understanding how to configure it, it does not send spurious DHCPNAK messages to clients that have obtained addresses from a legitimate DHCP server on the network.
Once you’ve finished your dhcpd.conf
edits, save and close the file.
Open the firewall and start your DHCP server
We now have to open your server’s firewall to allow DHCP requests to come through. (Rocky Linux uses firewalld.) To do this, issue the following command:
sudo firewall-cmd –add-service=dhcp --permanent
Reload the firewall with:
sudo firewall-cmd --reload
Finally, start and enable the DHCP server with:
sudo systemctl enable --now dhcpd
Your Rocky Linux server is now able to hand out DHCP addresses. If this server doesn't conflict with any others on your network, you shouldn't have any issues with DHCP address assignment.
Achievement unlocked! Here’s your DHCP master trophy: 🏆
Congratulations! You’re now running your own DHCP server on Rocky Linux. This puts you in the elite sysadmin tier. Now it’s time to go give out some private IP addresses. What are you going to do next with all this power you now wield?
Well, if you’re new to Rocky Linux, we have a top 10 list of things to do after you’ve installed Rocky Linux. Or you might want to set up some two-factor authentication with your SSH connections. Who knows? The world is yours now!
If you like this tutorial and want to see some more like it, let us know via email: info@ciq.com. Or, reach out to us on social media (LinkedIn and Twitter).