4.2 DHCP and DNS

DHCP — Automatic Addressing

Dynamic Host Configuration Protocol (DHCP) hands clients their full IP configuration so administrators do not assign addresses by hand. A single misconfigured static address can cause a duplicate-IP conflict; DHCP eliminates that class of error.

What a DHCP lease delivers

The DORA exchange

D  Discover  Client -> 255.255.255.255 broadcast, src 0.0.0.0, has no IP yet
O  Offer     Server -> proposes an address + options
R  Request   Client -> broadcasts to ACCEPT one offer (tells all servers)
A  Acknowledge Server -> DHCPACK, lease is now active

Discover and Request are broadcasts; the client has no address during Discover (source 0.0.0.0) and re-broadcasts the Request so any server whose offer was not chosen can return its address to the pool. Client uses UDP 68, server uses UDP 67.

Cisco router as DHCP server

R1(config)# ip dhcp excluded-address 192.168.10.1 192.168.10.10
R1(config)# ip dhcp pool LAN-POOL
R1(dhcp-config)# network 192.168.10.0 255.255.255.0
R1(dhcp-config)# default-router 192.168.10.1
R1(dhcp-config)# dns-server 8.8.8.8 8.8.4.4
R1(dhcp-config)# domain-name example.com
R1(dhcp-config)# lease 7

Note the excluded-address range is set in global config, not inside the pool, and should cover any statically assigned addresses (router, servers) so DHCP never hands them out.

DHCP relay (ip helper-address)

Broadcasts do not cross routers, so a client on one subnet cannot reach a DHCP server on another by broadcast. Configure the relay agent on the interface facing the clients:

R1(config)# interface g0/1
R1(config-if)# ip helper-address 10.0.0.50

ip helper-address converts the broadcast DHCPDISCOVER into a unicast aimed at the server's IP. As a bonus it forwards several other UDP broadcast services (TFTP, DNS, NTP, TACACS, NetBIOS) by default.

Verifying DHCP

R1# show ip dhcp binding              ! active leases (MAC <-> IP)
R1# show ip dhcp pool                 ! pool range and utilization
R1# show ip dhcp conflict             ! addresses flagged as duplicate

DNS — Name Resolution

Domain Name System (DNS) translates names like www.example.com into IP addresses. Resolution order on a PC: local hosts file, then the OS DNS cache, then a query to the configured resolver, which performs a recursive lookup down the hierarchy root -> TLD (.com) -> authoritative server.

Record types you must know

DNS on Cisco devices

R1(config)# ip name-server 8.8.8.8 8.8.4.4
R1(config)# ip domain-lookup            ! enabled by default
R1(config)# no ip domain-lookup         ! stop typo-triggered name lookups

The classic reason to enter no ip domain-lookup: when you fat-finger a command, IOS treats it as a hostname and tries to resolve it, hanging your terminal for several seconds. DNS uses UDP 53 for normal queries and TCP 53 for zone transfers and oversized responses.

Diagnosing the Two Classic Failures

• No address at all -> DHCP path. Confirm ip helper-address on the client gateway, the pool has free addresses (show ip dhcp pool), and the excluded range is not eating the whole scope.
• Can ping IPs but not names -> DNS path. Connectivity works (the ping proves it); check the client's resolver setting, ping the resolver, and run nslookup.

Lease Lifecycle and Renewal

A lease is not held until it expires and then dropped — the client renews proactively. At 50% of the lease (T1) the client unicasts a DHCPREQUEST straight to the server that granted the lease, asking to extend it; a DHCPACK resets the clock. If that server is unreachable, at 87.5% (T2) the client broadcasts the Request to reach any server. Only if both fail does the lease expire and the client release the address and restart DORA. This is why a brief DHCP-server outage rarely knocks clients offline immediately — they already hold a valid lease and keep using it until T1/T2 renewals fail.

When DHCP fails entirely on a Windows host, the OS self-assigns an APIPA address in 169.254.0.0/16. Seeing a 169.254.x.x address on a client is a strong signal that the client never received a DHCPOFFER — the relay, the pool, or the path to the server is broken. CCNA scenarios use that 169.254 clue to point you at the DHCP path rather than DNS or NAT.

DHCP Conflicts and Reservations

If the same address is handed out twice — usually because a static device was not added to the excluded range — IOS detects the duplicate via a ping/gratuitous-ARP test and parks the address in the conflict table, viewable with show ip dhcp conflict. The fix is to expand ip dhcp excluded-address to cover every statically configured host and then clear ip dhcp conflict *. For a device that must always get the same address but still use DHCP, bind its MAC to a specific IP with a manual binding rather than a static interface address.

DNS Caching and TTL

Every DNS record carries a time-to-live (TTL) that tells resolvers how long to cache the answer. A short TTL (say 300 seconds) lets an administrator move a service quickly during a migration; a long TTL reduces query load but slows propagation of changes. On a client you can clear a stale answer with ipconfig /flushdns (Windows). Understanding TTL explains why a hostname can keep resolving to an old IP for minutes after a record changes — the cache, not the authoritative server, is answering.

On the exam: Memorize DORA, ports 67/68, the ip helper-address relay command, and that A=IPv4 while AAAA=IPv6. A 169.254.x.x client address means DHCP failed, and "pings IP but not hostname" is always a DNS question.