[Infrastructures] DHCP for servers

Stephen P. Schaefer sschaefer@rfmd.com
Mon, 27 Jun 2005 17:56:22 -0400 

One issue to consider is your security posture: DHCP is a completely
unauthenticated protocol.  (How can you authenticate before you know who
you are or anyone else is?)  I've occasionally run a DHCP *server* on my
Linux laptop when we couldn't figure out how to get the Microsoft DHCP
server to behave as I wanted it to (whereas the ISC server "just
worked").  But the flip side is that anyone with physical access to the
subnet can also run a a DHCP server, causing havoc - and not necessarily
maliciously: maybe their laptop is their DHCP server *at home* - I know
mine occasionally is :-).

I use DHCP during the install, but part of the installation automates
transforming that DHCP lease into a hard-coded address, after which the
machine doesn't participate in DHCP.  That means I can't use DHCP to
update things like router, DNS server, NIS domain, or anything else, but
there are other means to those ends.

    - Stephen

On Mon, 2005-06-27 at 16:33 -0400, David A. Ulevitch wrote:
> On Jun 27, 2005, at 1:01 PM, Kyle Moore wrote:
> 
> > This is probably a stupid question but is it common or considered   
> > best practices to use DHCP for servers? I've always thought this   
> > was a bad idea because it is just one more dependency for the   
> > server that I would like to avoid. Now that I'm trying to
> automate   
> > more and maintain consistency DHCP seems like a good idea.
> 
> It doesn't seem like it'd be very hard to make a failover DHCP   
> setup.  DHCP provides a lot of nice things (like enabling PXEboot)   
> and other features.  Unlike a database server which might be hard
> to   
> setup failover for, a DHCP server seems rather easy and static.
> 
> In fact, I may have read about some features in ISCs dhcpd that   
> specifically provide or complement some failover features but I
> can't   
> see to find it at the moment... man dhcpd I suppose. :)
> 
> Thanks, 
> David Ulevitch 
> _______________________________________________ 
> Infrastructures mailing list 
> Infrastructures@mailman.terraluna.org 
> http://mailman.terraluna.org/mailman/listinfo/infrastructures
>