How to Set Up a DHCP Server with ISC DHCP on RHEL 7

How to Set Up a DHCP Server with ISC DHCP on RHEL 7

The ISC DHCP server is the most widely deployed DHCP implementation in enterprise Linux environments. Running your own DHCP server on RHEL 7 gives you full control over IP address assignment, lease times, gateway and DNS options, and fixed-address reservations for servers and network appliances. A centrally managed DHCP server eliminates the need to manually configure static addresses on most devices, ensures consistent network configuration across your environment, and provides a lease database you can query to map MAC addresses to IP addresses for troubleshooting. This tutorial walks through the complete setup of ISC DHCP on RHEL 7 including package installation, dhcpd.conf configuration, fixed address reservations, firewall rules, lease inspection, and an introduction to DHCPv6.

Prerequisites

• RHEL 7 server with root or sudo access and a valid subscription
• A static IP address configured on the server’s network interface (e.g., 192.168.1.1)
• The server connected to the network segment it will serve DHCP on
• No other DHCP server running on the same subnet (duplicate DHCP servers cause address conflicts)

Step 1: Install the ISC DHCP Server Package

The dhcp package provides the dhcpd daemon for IPv4. Install it with yum:

sudo yum install -y dhcp

This installs the DHCP server daemon, the main configuration file skeleton, and the DHCPv6 daemon. Verify the installed version:

rpm -qi dhcp | grep -E "Version|Release"

The default configuration file is located at /etc/dhcp/dhcpd.conf and is nearly empty after installation. The package also ships an annotated example at /usr/share/doc/dhcp-*/dhcpd.conf.example which is useful as a reference:

cat /usr/share/doc/dhcp-*/dhcpd.conf.example | less

Step 2: Configure dhcpd.conf — Global Settings

Open the main configuration file:

sudo vi /etc/dhcp/dhcpd.conf

Begin with global options that apply to all subnets unless overridden:

# Global settings
authoritative;
log-facility local7;

# Default and maximum lease times in seconds
default-lease-time 86400;       # 24 hours
max-lease-time 604800;          # 7 days

# DNS update behavior
ddns-update-style none;

# Global options
option domain-name "example.internal";
option domain-name-servers 192.168.1.1, 8.8.8.8;

The authoritative; directive tells dhcpd that it is the authoritative DHCP server for the network. Without this, the server will not send DHCPNAK replies to clients with stale leases from a different DHCP server.

Step 3: Define a Subnet and Address Range

Add a subnet declaration that covers your network segment. Append to /etc/dhcp/dhcpd.conf:

subnet 192.168.1.0 netmask 255.255.255.0 {

  # Address pool for dynamic allocation
  range 192.168.1.100 192.168.1.200;

  # Subnet-specific options
  option routers 192.168.1.1;
  option subnet-mask 255.255.255.0;
  option broadcast-address 192.168.1.255;
  option domain-name-servers 192.168.1.1, 8.8.8.8;
  option ntp-servers 192.168.1.1;

  # Lease times (override global if needed)
  default-lease-time 86400;
  max-lease-time 604800;
}

The range directive defines the pool of addresses dynamically assigned to clients. Addresses outside this range (e.g., 192.168.1.1 through 192.168.1.99 and 192.168.1.201 through 192.168.1.254) are available for static assignment or fixed-address reservations without being handed out dynamically.

Step 4: Configure Fixed Address Reservations

Fixed-address reservations (also called static DHCP or DHCP reservations) bind a specific IP address to a client’s MAC address. The client goes through the normal DHCP discovery process but always receives the same IP. Add host blocks inside or outside the subnet declaration:

host printer01 {
  hardware ethernet 00:1A:2B:3C:4D:5E;
  fixed-address 192.168.1.20;
  option host-name "printer01";
}

host server-web01 {
  hardware ethernet 08:00:27:AB:CD:EF;
  fixed-address 192.168.1.10;
  option host-name "server-web01";
  option domain-name-servers 192.168.1.1;
}

host nas01 {
  hardware ethernet 00:50:56:A1:B2:C3;
  fixed-address 192.168.1.30;
}

To find the MAC address of a connected device, check its network configuration or use arp -n on the server after the device requests an address.

Step 5: Start and Enable the DHCP Service

Before starting, verify the configuration file syntax:

sudo dhcpd -t -cf /etc/dhcp/dhcpd.conf

A clean configuration produces no output. Start and enable the service:

sudo systemctl start dhcpd
sudo systemctl enable dhcpd

Check the service status:

sudo systemctl status dhcpd

View startup messages to confirm which interface and subnet are being served:

sudo journalctl -u dhcpd -n 30 --no-pager

Expected output includes lines like:

Listening on LPF/ens33/08:00:27:12:34:56/192.168.1.0/24
Sending on   LPF/ens33/08:00:27:12:34:56/192.168.1.0/24
Sending on   Socket/fallback/fallback-net

Step 6: Configure the Firewall for DHCP

DHCP operates over UDP. The server listens on port 67 and clients send from port 68. Open port 67 in firewalld:

sudo firewall-cmd --permanent --add-service=dhcp
sudo firewall-cmd --reload

The dhcp service in firewalld opens UDP port 67. Alternatively, add the port explicitly:

sudo firewall-cmd --permanent --add-port=67/udp
sudo firewall-cmd --reload

Verify the rule is in place:

sudo firewall-cmd --list-services
sudo firewall-cmd --list-ports

Step 7: View and Manage Leases

The DHCP lease database is stored in /var/lib/dhcpd/dhcpd.leases. This plain-text file records every active and expired lease:

sudo cat /var/lib/dhcpd/dhcpd.leases

A typical lease entry looks like:

lease 192.168.1.105 {
  starts 0 2026/05/17 10:00:00;
  ends 1 2026/05/18 10:00:00;
  tstp 1 2026/05/18 10:00:00;
  cltt 0 2026/05/17 10:00:00;
  binding state active;
  next binding state free;
  rewind binding state free;
  hardware ethernet 52:54:00:12:34:56;
  client-hostname "workstation01";
}

To list only currently active leases with their MAC addresses and hostnames:

grep -A 10 "binding state active" /var/lib/dhcpd/dhcpd.leases | grep -E "lease|hardware|client-hostname"

The lease file is appended to and compacted periodically. Force a compact by restarting the daemon; the old entries are removed and only current state is written.

Step 8: Configure a Second Subnet (Multiple Subnets)

If the DHCP server has interfaces on multiple subnets (or a relay agent forwards requests from another network), add additional subnet declarations:

subnet 10.0.0.0 netmask 255.255.255.0 {
  range 10.0.0.50 10.0.0.150;
  option routers 10.0.0.1;
  option domain-name-servers 10.0.0.1;
  default-lease-time 3600;
  max-lease-time 7200;
}

RHEL 7’s dhcpd must be configured to listen on the correct interfaces. Edit /etc/sysconfig/dhcpd to specify interfaces if the server has multiple NICs:

sudo vi /etc/sysconfig/dhcpd

DHCPDARGS="ens33 ens34"

Restart after any configuration change:

sudo systemctl restart dhcpd

Step 9: Set Up DHCPv6

For IPv6 networks, RHEL 7 provides a separate DHCPv6 daemon. The configuration file is /etc/dhcp/dhcpd6.conf:

sudo vi /etc/dhcp/dhcpd6.conf

default-lease-time 2592000;     # 30 days
max-lease-time 7776000;         # 90 days
log-facility local7;
authoritative;

subnet6 2001:db8:1::/64 {
  range6 2001:db8:1::100 2001:db8:1::200;
  option dhcp6.name-servers 2001:db8:1::1;
  option dhcp6.domain-search "example.internal";
}

Start and enable the DHCPv6 daemon:

sudo systemctl start dhcpd6
sudo systemctl enable dhcpd6

Open the DHCPv6 firewall port (UDP 547):

sudo firewall-cmd --permanent --add-port=547/udp
sudo firewall-cmd --reload

Step 10: Testing and Troubleshooting

Test DHCP from a client by requesting a new lease. On a RHEL/CentOS client:

sudo dhclient -v ens33

On the server, watch real-time DHCP activity in the system journal:

sudo journalctl -u dhcpd -f

Common troubleshooting checks:

# Check if dhcpd is listening on the expected port
sudo ss -ulnp | grep dhcpd

# Verify the interface matches a configured subnet
sudo dhcpd -t -cf /etc/dhcp/dhcpd.conf

# Check SELinux for denials
sudo ausearch -m avc -ts recent | grep dhcpd
sudo setsebool -P dhcpd_use_ldap 0   # disable unused boolean if causing noise

Conclusion

ISC DHCP on RHEL 7 provides a powerful, flexible platform for managing IP address assignment across your network. You have configured the dhcpd.conf file with global settings, subnet declarations with dynamic address ranges, and fixed-address host reservations that bind specific IP addresses to MAC addresses. Enabling the service with systemctl, opening firewall port 67/udp, and inspecting the lease database at /var/lib/dhcpd/dhcpd.leases gives you full visibility and control over address assignment. The addition of a DHCPv6 configuration with the dhcpd6 daemon prepares your environment for dual-stack IPv4/IPv6 deployments. With a well-maintained DHCP server, network operations such as adding new devices, changing DNS servers, or rotating gateway addresses become centrally managed, consistent, and auditable.