The ISC DHCP server checks IP addresses to see if they are in use before assigning them to clients. It
simply pings the IP address being assigned. If no reply is received within a second, the address is assumed to
be free. This is only done for leases that have been specified in range statements, and only when the
lease is thought by the DHCP server to be free, that is, it is not listed as in use.
If a response is received to the ping, the server assumes that there is a configuration error:
the IP address is in use by some host on the network that is not a DHCP client. It then marks the address
as abandoned, and will not assign it to clients.
If a DHCP client tries to get an IP address, but none are available, and there are abandoned IP addresses,
then the DHCP server will try to reclaim such an abandoned IP address. It marks one IP address as free,
and then pings it again. If there is no reply, the address is assigned to the client.
The DHCP server does not cycle through abandoned IP addresses if the first IP address it tries to reclaim
is free. When the next client attempts to find a DHCP server, the server will try a new address assignment
in the same way described here, and will try a new IP address.
The "ping check" can be controlled by two DHCP server configuration statements, ping-check and ping-timeout.
ping-check takes a value of false or true (default = true). ping-timeout takes a numeric value giving the
timeout in seconds (default = 1).
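The allocation behaviour described above, as an added example that is not ISC dhcpd code: a small Python model of one range with an injectable ping. The class and function names, the 192.0.2.x addresses, the one-candidate-per-request behaviour and the order in which abandoned addresses are retried are assumptions made for the illustration.

```python
from collections import deque

class Pool:
    """Toy model of one range statement (not ISC dhcpd code)."""

    def __init__(self, addresses, ping, ping_check=True, ping_timeout=1):
        self.free = deque(addresses)      # leases believed free
        self.abandoned = deque()          # leases that answered a ping
        self.active = {}                  # address -> client id
        self.ping = ping                  # callable(address, timeout) -> bool
        self.ping_check = ping_check      # models ping-check (default true)
        self.ping_timeout = ping_timeout  # models ping-timeout (default 1 s)

    def request(self, client):
        """Handle one client request: return an address, or None."""
        if self.free:
            addr = self.free.popleft()
        elif self.abandoned:
            # Nothing free: reclaim one abandoned lease by treating it as free.
            addr = self.abandoned.popleft()
        else:
            return None
        if self.ping_check and self.ping(addr, self.ping_timeout):
            # A host that is not our client answered: mark abandoned (again).
            # Queueing at the tail is an assumption of this model, so that
            # the next request tries a different address.
            self.abandoned.append(addr)
            return None
        self.active[addr] = client
        return addr


def make_ping(responders):
    """Constructed stand-in for ICMP echo: True if a host holds the address."""
    return lambda addr, timeout: addr in responders


def demo():
    # Constructed scenario: two statically configured hosts sit inside the range.
    static_hosts = {"192.0.2.10", "192.0.2.11"}
    pool = Pool(["192.0.2.10", "192.0.2.11", "192.0.2.12"], make_ping(static_hosts))
    results = [pool.request(f"client-{i}") for i in range(4)]
    static_hosts.discard("192.0.2.11")    # the misconfigured host is moved away
    results += [pool.request("client-4"), pool.request("client-5")]
    return results, list(pool.abandoned)

if __name__ == "__main__":
    print(demo())
```

With ping_check=False the model hands out an address even when another host is answering on it, which is the duplicate-address situation the check exists to prevent.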
At first glance, there may not seem to be much to talk about in terms of security and DHCP.
However, considering the importance of DHCP, a few precautions are in order. The first consideration is the machine
itself. Although an outage of a couple of hours might be something you can deal with, any long outage means
that there may be a number of machines without a valid configuration or even a valid IP address.
Therefore, you need to look at what other services the machine with your DHCP server provides.
Since operation of a DHCP server requires hardly any CPU power, only limited storage and only a small amount
of memory to run, you can easily get away with older machines, even ones considered obsolete.
You will probably need more computing power and storage to compile the DHCP software than to run it.
An old 486 or Pentium class machine with as little as 32 MB RAM will do fine as a DHCP server; you should
not be afraid of any performance lag. For large sites, however, a more powerful server might be useful.
Anyway, just make sure the machine is reliable.