21 Jul

DHCP: Frictionless Device Configuration

Posted by B. Hale

The Dynamic Host Configuration Protocol, or DHCP, is most commonly known as the system that provisions IP addresses and other basic network details when a system connects to a network. While this is its most popular use, there are a number of other configuration tasks that can be accomplished with this versatile protocol. Here are a few lesser known ways that hosts and devices can be automatically configured when connecting to a network.

How Does it Work?

Although an IP address for the host and the addresses of DNS servers are what is most often provisioned on connection, DHCP also defines a more general mechanism: the option. Options are numerous, and they can carry far more configuration to a client than an IP address and DNS servers. Here are a few examples of what can be configured.

Time Servers

It is rare for users to manually set times and dates on devices. This is thanks to the Network Time Protocol (NTP), a complex system by which devices synchronize time on a regular basis. Often this is done via well-known public servers, but there may be a use case for moving this resolution in-house.

With the correct option configured on the server, it is possible to direct client devices to another NTP server. This can be hosted on site, globally, or on a VPN or other network available only to clients in a specific geographic area. By synchronizing the hosted time server with well-known NTP providers, it is possible to provide an accurate service while limiting or shaping critical outbound traffic.
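To make the option mechanism from the "How Does it Work?" section and the NTP option above concrete, here is an added example (not code from the original post) that builds and parses the DHCP options field as RFC 2132 lays it out: a four-byte magic cookie, then code/length/value triples, terminated by option 255. It uses the real option codes for DNS servers (6), log servers (7), NTP servers (42) and message type (53); the sample DHCPOFFER contents, the addresses, the `EXPECTED` policy and the `unexpected_servers` check are constructed for illustration and are not part of any DHCP standard or server.

```python
"""Encode and decode the DHCP options field (the RFC 2132 code/length/value layout)."""
import ipaddress
import struct

# The four-byte "magic cookie" that opens the options field of every DHCP message.
MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_END = 0, 255
OPT_DNS_SERVERS, OPT_LOG_SERVERS, OPT_NTP_SERVERS, OPT_MESSAGE_TYPE = 6, 7, 42, 53
# Options whose value is a list of IPv4 addresses, four bytes each.
ADDRESS_LIST_OPTIONS = {OPT_DNS_SERVERS, OPT_LOG_SERVERS, OPT_NTP_SERVERS}


def encode_options(options):
    """Build an options field from {code: value}.

    Address-list options take a list of dotted-quad strings; any other
    option takes raw bytes.  Returns cookie + TLVs + END.
    """
    out = bytearray(MAGIC_COOKIE)
    for code, value in options.items():
        if code in ADDRESS_LIST_OPTIONS:
            value = b"".join(ipaddress.IPv4Address(a).packed for a in value)
        if not 0 < len(value) <= 255:
            raise ValueError(f"option {code}: value length {len(value)} out of range")
        out += struct.pack("BB", code, len(value)) + bytes(value)
    out.append(OPT_END)
    return bytes(out)


def decode_options(blob):
    """Parse an options field back into {code: value}.

    Address-list options are decoded to lists of dotted-quad strings.
    Raises ValueError on a missing cookie or on an option whose declared
    length runs past the end of the data, which a naive parser would
    silently read past.
    """
    if not blob.startswith(MAGIC_COOKIE):
        raise ValueError("missing DHCP magic cookie")
    found = {}
    i = len(MAGIC_COOKIE)
    while i < len(blob):
        code = blob[i]
        if code == OPT_PAD:          # single-byte padding, no length field
            i += 1
            continue
        if code == OPT_END:          # end of options
            break
        if i + 1 >= len(blob):
            raise ValueError(f"option {code}: length byte missing")
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: declared length {length} exceeds data")
        if code in ADDRESS_LIST_OPTIONS:
            if length % 4:
                raise ValueError(f"option {code}: address list not a multiple of 4 bytes")
            value = [str(ipaddress.IPv4Address(value[j:j + 4])) for j in range(0, length, 4)]
        found[code] = value
        i += 2 + length
    return found


def unexpected_servers(decoded, expected):
    """Return {code: [addresses]} for address-list options in a decoded offer
    that name servers outside the set the site expects.

    `expected` maps option code -> set of allowed addresses.  This check is
    constructed for the example; it is not a standard DHCP facility.
    """
    return {
        code: sorted(set(decoded[code]) - set(allowed))
        for code, allowed in expected.items()
        if code in decoded and set(decoded[code]) - set(allowed)
    }


# Constructed sample: the options an in-house server might put in a DHCPOFFER.
SAMPLE_OFFER = encode_options({
    OPT_MESSAGE_TYPE: b"\x02",                 # 2 = DHCPOFFER
    OPT_DNS_SERVERS: ["10.0.0.2"],
    OPT_NTP_SERVERS: ["10.0.0.5", "10.0.0.6"],
    OPT_LOG_SERVERS: ["10.0.0.20"],
})

# Constructed site policy: the only NTP and log servers clients should be handed.
EXPECTED = {OPT_NTP_SERVERS: {"10.0.0.5", "10.0.0.6"}, OPT_LOG_SERVERS: {"10.0.0.20"}}

if __name__ == "__main__":
    parsed = decode_options(SAMPLE_OFFER)
    print("NTP servers:", parsed[OPT_NTP_SERVERS])
    print("Log servers:", parsed[OPT_LOG_SERVERS])
    print("Unexpected:", unexpected_servers(parsed, EXPECTED))
```

Running it prints the NTP and log servers carried in the sample offer and an empty set of unexpected servers. Two details are worth noting for anyone writing or reviewing a client-side parser: the length check in `decode_options` rejects an option whose declared length runs past the end of the data instead of reading beyond it, and the comparison against an expected set gives a monitor (or the client itself) a cheap way to notice a lease that points at NTP or log servers the site never configured.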

Logging

Logging is critical for production deployments. It is often better to aggregate logging on a central server so that all device logs can be viewed at a single point. Also, should a given device or service be compromised, sending logs to a separate machine means the attacker cannot modify or remove evidence that has already left the compromised host.

Thankfully, any system that speaks the common syslog protocol can be configured to send its logs to a central server as soon as it joins the network. Diagnosing failures becomes significantly easier when every log is directed to a single node that can be analyzed and searched. Further, if a host is compromised and this connection is broken, the resulting silence from that host is itself visible on the uncompromised log aggregator.
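As an added example (not part of the original post) of that last point, the following script does what a simple aggregator-side check would do: it parses a handful of RFC 5424-style syslog lines, records the newest timestamp seen per host, and reports hosts that have been silent for longer than a threshold, plus expected hosts that never reported at all. The log lines, host names and the reference time `NOW` are constructed for the example, and the line format is an assumption about how the aggregator stores what it receives.

```python
"""Flag hosts that have gone quiet on a central syslog aggregator."""
import re
from datetime import datetime, timedelta, timezone

# Constructed sample of what the aggregator's file might hold: RFC 5424
# framing with ISO-8601 timestamps (the storage format is an assumption).
SAMPLE_LOG = """\
<134>1 2024-05-01T10:00:00Z web01 sshd - - - Accepted publickey for deploy from 10.0.0.9
<134>1 2024-05-01T10:00:30Z web02 cron - - - (root) CMD (run-parts /etc/cron.hourly)
<134>1 2024-05-01T10:02:00Z web01 nginx - - - 10.0.0.9 GET /healthz 200
<134>1 2024-05-01T10:05:00Z web02 cron - - - (root) CMD (run-parts /etc/cron.hourly)
<134>1 2024-05-01T10:09:00Z web02 nginx - - - 10.0.0.9 GET /healthz 200
"""

# Constructed "current time" for the check; in production this would be datetime.now(timezone.utc).
NOW = datetime(2024, 5, 1, 10, 10, tzinfo=timezone.utc)

# PRI, version 1, timestamp, hostname, app-name; the rest of the line is not needed here.
LINE_RE = re.compile(r"^<(?P<pri>\d+)>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) ")


def parse_line(line):
    """Return (host, timestamp) for a syslog line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # fromisoformat() accepts a "Z" suffix only on Python 3.11+, so normalise it.
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    return m["host"], ts


def last_seen(lines):
    """Map each host to the newest timestamp it has sent."""
    seen = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        host, ts = parsed
        if host not in seen or ts > seen[host]:
            seen[host] = ts
    return seen


def silent_hosts(lines, now, expected_hosts=(), max_gap=timedelta(minutes=5)):
    """List (host, seconds_since_last_message) for hosts whose most recent
    line is older than max_gap, plus (host, None) for expected hosts that
    have never logged at all.  Sorted by host name.
    """
    seen = last_seen(lines)
    quiet = []
    for host in set(seen) | set(expected_hosts):
        if host not in seen:
            quiet.append((host, None))
        elif now - seen[host] > max_gap:
            quiet.append((host, int((now - seen[host]).total_seconds())))
    return sorted(quiet)


if __name__ == "__main__":
    report = silent_hosts(SAMPLE_LOG.splitlines(), NOW, expected_hosts=("web01", "web02", "db01"))
    for host, gap in report:
        print(f"{host}: {'never seen' if gap is None else f'{gap}s since last message'}")
```

With the sample data, `web01` last reported at 10:02 and is flagged as eight minutes silent at 10:10, `web02` is within the five-minute window, and `db01` appears as never seen because it is in the expected list but has no lines. Feeding the check from the list of hosts the DHCP server has leased addresses to is one way to keep the expected-host list current without maintaining it by hand.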

Conclusion

DHCP has many options in addition to those featured here, including some that are vendor-specific. While client support may not be universal, the DHCP server configuration is a great place to store the many best practices for configuring devices on a specific network.