Welcome back. As you know, I'm Eli the Computer Guy, and in today's class we're going to be talking about DHCP, Dynamic Host Configuration Protocol. This is a protocol that is just absolutely amazing. It's one of those things in the technology world, it's almost like water. You know, it's just so ubiquitous, it is so everywhere, that nobody really thinks about it a lot until it's not functioning properly. And of course, you being a technology professional, it's your responsibility to understand what to do if it's not working properly.

When we talk about DHCP, this is a protocol that allows client computers to connect to a DHCP server and be able to automatically get IPv4 address information, right? So you should be used to using this service at this point in time. Basically, you walk into an internet cafe or you plug your computer into the network, and your computer automatically is able to get a usable IP address, a subnet mask, a default gateway, a primary and secondary DNS server, and that all happens through the DHCP process.

This is really great, because back in the old days before we had DHCP, everything had to be a static IP address. What we mean by a static IP address is that this is a hard-coded IP address that you would have to manually go in and configure for every computer, server, networking device, the whole nine yards. And you would have to plug in an IP address and a subnet mask and a default gateway, the DNS servers, the whole nine yards, and you had to make sure that you did not copy the same configuration for multiple computers on the network. "Crap, okay, I'm gonna make this server 192.168.1.2, but darn, is somebody else using 192.168.1.2? And crap, some noob turned off ICMP, so I can't ping anything on the network," because that's what noobs do every once in a while, right? And then you could get into problems. When you had to hard code, you had to manually input the static information, you could get duplicate addresses. It was very easy to fat finger
things, so you didn't put in the right configuration, and it was just a complete and utter pain in the ass, because if you have, you know, five, ten, a hundred computers that you have to manually configure with their IPv4 information, that just kind of sucks. Do remember, as a technology professional, one of the things that we try to do is we try to automate and centralize everything, right? If you have to sit down at an individual computer to do configurations, that's just going to make your life miserable. That's why we use things like DHCP to dynamically give IP addresses. That's why we use Active Directory in the Microsoft world in order to centrally manage and administer all of our systems. And so what DHCP does is it allows us to have one place where we can manage our IP address scheme, be able to automatically give out the IP address information to all of our clients, and that's what we're going to be talking about today.

Now, one of the first things that you have to remember whenever you're using any kind of client-server architecture: when we talk about a client-server architecture, that means you have client computers that communicate with servers in order to be able to get information or do something, right? One of the big things to remember in a client-server architecture is you actually have to configure the client to be able to communicate with the server that it's trying to communicate with, right? In the DHCP world, this is relatively simple, but if you don't know what you're doing, or if, again, one of those little interns that you just hired decided to do something stupid, you could run into problems.

Over here I have on the screen, this is the network configuration panel for a Windows computer. It'll be a lot the same, you know, regardless of the operating system you're using. If you're using Mac, it'll look a lot like this. If you're using Linux, if you're using GUI Linux, it'll look a lot like this. If you're using command-line Linux, well,
you're so smart, I'll let you deal with that, right? But one of the big things that you have to remember is to actually configure the internet configuration on your computer, the network configuration, to actually use DHCP. So you will see something like, in the Windows world, it says "Obtain an IP address automatically." That is what you are going to want to have checked off in order to use DHCP. If somebody has configured "Use the following IP address" and they have IP address information already configured within this network configuration panel, that will be the IP address information that your computer is using.

So you can run into problems with this a lot of times. Let's say you have remote workers, especially in the modern world, remote workers, sales staff, that type of thing. Sometimes, for whatever reason, when they go to a particular site they may need to manually put in some IP address information for their computer to work properly at that site. And then of course, being users, they forget what they did, and so then they come into your site, they're not able to connect to the network, and they're like, "Ah, the network is down," and it's like, no, you just need to go back and check the whole thing, "Obtain an IP address automatically." So that's one thing to remember in the troubleshooting world.

The other thing to remember in the troubleshooting world is our DNS configurations down here. So we had a whole class on DNS before, and DNS can run you into a lot of problems, especially with DHCP, because one of the things with the DNS information is you can actually configure your DNS on your local computer to use manual DNS addresses instead of using what comes down from the DHCP server, right? So the DHCP server is going to give you your IP address, it's going to give you your subnet mask, and it's going to give you your default gateway. You do have the option to basically manually put in your own DNS server information and basically override whatever the DHCP
server would give you. You can run into a lot of problems with that, because many times, especially salespeople, right, especially salespeople, folks that think they know what they're doing with their computer, they'll manually override those DNS settings in order to connect to Google's DNS servers or Cloudflare's DNS servers, those public DNS servers, so that their system is faster and they have more anonymity when they go to porn sites or whatever else. As you know, that's what they're doing with their company laptops. Remember, when you get a company laptop back in after a salesperson quits the company, have a lot of Purell and spray that thing down. It's just true, right?

Anyways, one of the big problems you can have, though, is if they configure the DNS server here manually. Remember, those public DNS servers do not know what's going on inside your internal network, right? So what's going to happen is their computer is going to go out to the cloud, to the DNS servers out in the cloud, and they're going to ask the DNS servers out in the cloud, "Hey, what is the IP address for server?" right? So you have an Active Directory server, a file server, or something that is in your own internal network, and the DNS out in the public cloud is going to have no idea, because that's not their problem. They resolve to cnn.com or dropbox.com or something like that. They're not going to resolve the internal server IP address. And so this is one of the things that you can get screwed up from a troubleshooting standpoint. Again, people that are, you know, they're smart, they're smart enough to open up the network configuration panel without fully grasping what the hell they're doing.

But anyways, as long as you have the "obtain the IP address" and as long as you have the "obtain the DNS address," basically what's going to happen is when your computer connects to the network, so you may have a switch, basically you're
going to connect to the hardwired network, the Cat5 network, or you're going to have a wireless access point, and so you're going to connect wirelessly. Basically, on this network you're going to have a DHCP server, right? So this DHCP server is going to have a whole bunch of information about what it's allowed to provide to the clients. It'll have what's called a scope, we're going to talk about this in a second. We're going to talk about lease length, something called lease length, we'll talk about in a second. You know, oops, reservations, and a few other things, right? So basically the DHCP server is going to have some basic configurations in it to be able to send the IP address information to the client.

You're going to have your computer connected either hardwired or wirelessly. It's going to say, "Hey, I need an IP address." It's going to communicate on the network. Again, remember, DHCP is a protocol. A protocol is a language. Different languages do different things. This language is basically a way that the computers can very easily communicate with the DHCP server and bring down that IP address information. So it's gonna communicate with the protocol, it's going to find the DHCP server, the DHCP server is then going to give the client the IP address information that it needs, and away you go. So it's a pretty easy thing.

One of the things to remember, though, a very important thing, is that basically you can only have one DHCP server per LAN. So this can be a big problem when people just start plugging things in willy-nilly on a network, as people do. Remember, because of how this protocol works, your computer plugs into the network and then it's going to communicate out, and essentially it's going to go to the first DHCP server it can resolve to and get an IP address that way. You can run into a problem, because if you put multiple DHCP servers on your network, they do not necessarily talk to each other, they don't
necessarily know the other one exists. And so then, you know, one client can be getting DHCP information from one DHCP server, another client can be getting information from a different DHCP server, and everything can go to hell. You can have basically computers on the network with the same IP address, so you have two computers with IP address 19.168.1.10.

Or one of the bigger problems, right, is let's say you have your network, and you have sales guy. And sales guy is so smart, right? Sales guy, you know, was given participation, you know, ribbons back when he was two years old. He was winning his participation ribbons. He went to school and he always got, you know, the gold stars and all that, so he knows that he is smart. Little halo effect for the salesperson world. And one of the issues is that when he goes into the office, he doesn't get the Wi-Fi signal that he wants, right? For whatever reason. Again, this can be a real problem, right? The CEO has decided they're not going to upgrade the Wi-Fi infrastructure, and so, you know, the salesperson is a little sad because they're not getting the Wi-Fi signal that they want.

Well, so you have this network and you have the Wi-Fi access point. So a Wi-Fi access point is only an access point. It doesn't have DHCP, it doesn't have DNS, it doesn't do anything else. All it does is allow people to connect wirelessly. And so smart salesperson says, "Well, I want Wi-Fi in my office, and I have this Wi-Fi router at home, so what I'm going to do is I'm going to bring my own Wi-Fi router in. I'm going to plug it into my office so that I can get my Wi-Fi signal. Yay!" right? And that smart, wonderful salesperson that's been getting participation ribbons since he was two years old now has fixed his problem. The issue is a salesperson knows a little bit, but only a little bit. So once they connected this Wi-Fi router to the network, the issue then becomes
not only are they getting the Wi-Fi signal, but depending on how they plugged it into the network, the Wi-Fi router may actually be advertising itself as a DHCP server to the rest of the network. Now you have your DHCP server over here, and all of a sudden you're getting weird networking problems, because, let's say, the DHCP server, it's supposed to be 192.168.1.8, basically that's the network that your DHCP server is presenting. And since a salesperson doesn't know anything about, you know, DHCP servers and subnet masking and all that kind of stuff, his DHCP server, that server that he brought in, is advertising the 10.1.10.x subnet. So basically every computer on the network, whenever they connect to the network, they're going to say, "Hey, I need a DHCP address." Whichever DHCP server resolves the IP address first is the IP address the client is going to take. And so all of a sudden you start having a whole bunch of computers with this freaking stupid-ass subnet mask, and now they're on an entirely different subnet mask. And remember, subnet mask, that network, through IP address schemes, they cannot communicate with computers on different subnets. And then just everything starts going to hell, because guess what, smart sales guy isn't nearly as smart as they think they are. And that can be a fun thing. So one thing to keep in mind.

The other thing to keep in mind is, I don't know if Microsoft still has this problem. Microsoft had a real problem back in the day with their DHCP server. So you would have your Active Directory server, your DNS server, your DHCP server all on one Windows server. And one of the weird things that would happen, and again, I actually got paid money for this, this is something I actually made quite a few thousands of dollars on over the years, is you go into a business environment, and again, that little salesperson, being the smart, happy person that they are, they would install their little wireless router with DHCP,
and one of the weird things with Microsoft servers back in the day is that when the Microsoft DHCP server recognized another DHCP server on the network, it would simply turn itself off. Literally. There wasn't even competition between DHCP servers. There was something about how, and again, this was the 2008 time frame, hopefully they fixed this problem, there was something about Microsoft with their Windows Server: if you had DHCP server services installed on your Windows server and it detected another DHCP server on the network, it would just shut the DHCP service off, and then everything got brutal really quick. So a big thing to understand here is that you will only have one DHCP server per LAN.

Now again, if you're dealing with the Microsoft world, if you're dealing with the enterprise world, there's always like one of these, you know, "this is how it is, except in the few times that it isn't." One of the things in the Microsoft world is sometimes you'll have clusters or you'll have failover. So you may have one DHCP server on a Windows server, and then you may have a failover DHCP server on a Windows server. So essentially you have your primary DHCP server and your secondary DHCP server. This is configured within the Windows Server environment, and basically the idea being here is you have this backup DHCP server. If the first DHCP server fails or cannot be communicated with for a while, then the secondary DHCP server, that one goes online so that users can get access to it, and then the maintenance people can figure out the problem. This is something kind of specific to the Windows world or that larger server enterprise world. So in general, if you're dealing with offices with 500 or less users, most likely you're just going to have one DHCP server per LAN. Just realize, if you have more than one DHCP server, it's more of like a DHCP service where you do a whole bunch of configurations to make sure things don't go poorly.

So now let's
talk about the configurations that you can actually do on your DHCP server. Now, all the basic configurations are the basic configurations regardless of what DHCP server you're dealing with. If you have a Microsoft DHCP server, you're going to be able to say what the scope is, you're going to have the reserved addresses, you're going to have the DHCP lease length. This is going to be the basic information that you can put into a Windows DHCP server. It's also the same basic information you can put into that crappy little Wi-Fi router that you have in your house. The Wi-Fi router that you have in your house, again, is also a DHCP server, it's also a DNS server, the whole nine yards, and so this is a basic configuration that you put into that too. Now again, when you get into the enterprise world, then there might be some higher-level configurations, but this is the basic stuff that you need to know to get your DHCP server off the ground.

So the first thing that you need to think about is what is called the scope. Essentially you are going to create address pools. So most of the time you'll just have one address pool, but what this is, is what are the addresses that are available for your DHCP server to be able to assign to DHCP clients. So if we look at the 192.168.1 network, right, so this would have a 255.255.255.0 subnet right here. Basically we have up to addresses that we can put into a pool that's part of the scope that can be assigned to clients that connect and need a DHCP address. Again, do remember, when we're talking about actual usable network numbers, the lowest number in an IP address range, that is considered the network ID, and the highest number, so 255, is the broadcast number. So if somebody needs to communicate to all the computers on the LAN, they would use the highest number. And so what is left is you get IP addresses 1 to 254. So 1, 192.168.1.1, 192.168.
all the way up to 254, and these are all the addresses within this particular subnet mask for this particular network. So theoretically, within your scope you could put 1 through 254. But the problem is that's all of the addresses within that particular network, and you're going to have your router, and that's going to need an IP address, 192.168. most likely, right, that's the default gateway. You're probably going to have a server of some sort, let's say 192.168.1.2, and you're going to have, you know, .3, .4, .5. You're gonna have print servers, you're gonna have wireless access points, you're gonna have other addresses where basically you need to have a static IP address for those particular devices so that you can interact with them, maintain them, and the whole nine yards. So you would almost never use a scope of 1 through 254, because the issue is, if you tell the DHCP server that it is able to assign 192.168.1.1, it will then assign that IP address to another computer on the network. You then have two computers on the network with the exact same IP address, and everything goes to hell.

It is important to understand that generally, assume DHCP servers are stupid. Assume they're stupid, and then if you have some high-quality piece of software, then go from there. So DHCP servers do not scan the network. They do not go out and proactively try to figure out what's on the network to determine what IP addresses they can or cannot give out. Essentially all they have is some records inside some little database table that states whether a current address has already been checked out of the DHCP server and how long the lease length on that is. So essentially, just realize this with the DHCP server: it's not pinging. So if a client wants an IP address and the DHCP server says, "Okay, this IP address is available," based off of the information within its records, it will not proactively ping or try to do any kind of network
discovery to try to determine if a device with that IP address is already on the network. It'll just give that IP address. Then you have two computers with the exact same IP address. Depending on what the computers are doing, that can be better or worse. If it's, you know, 192.168.1.100, so just kind of, you know, crappy client computers that are on the network, they'll probably just have some weird, quirky problems. If, on the other hand, to be clear, you have two computers or more on the network with the same IP address as the default gateway, right, the default gateway is the computer or device all the computers on the network go to if they can't resolve an IP address or domain name on the local network, right? So basically, when you try to get out to the internet, when you try to get out to the wide area network, you're going to go through that default gateway. If you have multiple computers on your network with the same IP address as the default gateway, you are just going to have a tremendous number of problems.

So when you're sitting there and you're thinking about your DHCP scope, you do not do 1 through 254, or basically all the IP addresses that are available. Essentially what most people do is they look at how many computers they think are going to be on the network, right? So if you have a small business network, maybe you have 10 or 20 devices on the network. If you have a larger network, you may have 500 devices. And so, you know, it's kind of like one of those rule-of-thumb things. So, hell, I'm just gonna put more addresses in the scope than I know that I need, right? So if I know I have 10 computers on the network, plus more devices may connect to the network, smartphones, printers, that type of thing, I might just say, "Okay, you know what I'm going to do is I'm going to create a scope, and I'm going to make that scope 192.168.1.50 to 192.168.1.100," right? So basically what that does is that gives me 50 IP addresses within the
scope that are able to be given to clients. I think I will only need 10, so this gives me more than enough. Do not try to cut it close and be smart. 192.168., let's say, 1.50 to .60, right? "Hey, I only have 10 devices on the network, I'm only going to give myself a scope of 10." Let me be clear, these IP addresses don't cost you any money. It's not that these IP addresses cost you a fraction, or only cost you a fraction, of a cent. They don't cost you any money at all. So giving yourself a wide range is just better for everybody involved. If you cut it close like this, you may run into problems where, oh, the DHCP server thinks that it's already assigned an IP address to a computer, but that computer doesn't realize that, it thinks that it's supposed to have an IP address, so it asks for another IP address. And so then the DHCP server can actually think that it needs more IP addresses than it actually needs, and you can run into some problems. So basically all the scope is, is basically all the IP addresses that are available to provision for DHCP servers.

Now, when you're dealing with the Microsoft world, again, the Microsoft world, you start dealing with a larger server infrastructure, you will also see the concept of pools. So pools are basically where you can have multiple, essentially, scopes, right? So I might say I want 192.168.1.50 to 100, and then for some reason I may also say 192.168.1.150 to 200, right? I don't know, for some reason I might do something stupid like this. Again, do remember, the technology world, it literally is as much art as it is science. There's the technical way of doing things, and then there's why you do it. Sometimes you can get some weird things. Let's say you have legacy networking equipment, right? For some reason, you know, one networking person back in the day, they used the low numbers of your IP address, your subnet mask. So let's
say they used .1 through .20 for whatever reason, so you need to make sure that those addresses aren't provisioned in your scope. But then you had somebody else, and they decided to do something different, and so they decided to use, I don't know, oh, .120 to .130 for different networking equipment for whatever reason. And so you may have these chunks within the middle of your subnet that can't be used, and that's why you might create pools, and then those pools then go into the overall scope. Most likely you're not going to have to do this. This is something you will probably have to remember for a Microsoft test if you ever do it. I'm just kind of telling it here just in case you need to know.

Then, basically, again within the Microsoft world, and then within, you know, some of the DHCP server software you might install in Linux or something, you will have the option for configuring reserved addresses. So basically what the reserved addresses do is, this is more or less like a notebook for the administrators to know why certain addresses were set aside, right? So you may have a reserved address, and it'll be like 192.168.1.1, and that will correspond to your router. Then you have 192.168.1.10, and that will correspond to your Active Directory server. So within the DHCP server software you can assign the IP address to the type of equipment that it's supposed to be connected to. Now, it is important to understand, you actually have to go into these devices or pieces of networking equipment and actually configure the static IP address for these devices manually. What the reserved address system is used for is basically so when a new administrator sits down and they're looking at your DHCP infrastructure, looking at the overall infrastructure, they can say, "Oh, okay, so 192.168.1.1 is supposed to be the router. Now let me go and see if the router is actually there. Okay, 192.168.1.1, that's supposed to be the Active Directory server. Oh, let's
make sure it's actually there." And you go through, you know, .12 is your Exchange server, you know, .13 is something else, so on and so forth. Basically this is a way to essentially kind of document what's going on with your network. The important thing to understand is all of these computers or networking devices will have to have their IP address information entered onto them statically, though. So don't just assume, because you configured something as the reserved address within the DHCP server, that that's somehow going to automatically configure these particular devices. It's kind of just like a notebook.

Then the final thing to look at when you're dealing with the basic DHCP server configuration is lease length, right? And so basically what this is, is when the DHCP server provides an IP address to the client, it's more or less a time to live on that IP address, right? How long should the DHCP server wait before it assumes that that computer is no longer on the network and the IP address that was assigned is now available to be assigned again? What essentially happens here is you configure the lease length within the DHCP server. It can be one hour, it can be one week, it can be one month, right? The DHCP server really doesn't care. What happens, right, is you have the client that connects to the network. It'll initially contact the DHCP server and say, "I need an IP address." The DHCP server will then give an IP address, 192.168.1.10, let's say, and then it will give a lease length. So it'll say you have this lease, let's say, for 24 hours. What is supposed to happen is after 12 hours, so basically whatever the lease length is divided by two, so for this would be 12 hours, at the 12-hour time frame the client computer is supposed to communicate with the DHCP server and say, "Hey, I'm still using this IP address, I just want you to know." As long as the server responds, you reset the lease length all the way up to its maximum length, and the computer keeps going along. What happens
with this, though, is again, with computers and network communication, it doesn't always work properly. So after 12 hours your client computer is going to communicate with a DHCP server. If that does not occur for some reason, then it will keep the lease length as it currently is. Once that lease length is then half as much as it currently is, so it goes from 24 to 12 to 6 hours, at the six-hour mark, then the computer will try to communicate with the DHCP server again. If the DHCP server responds, the lease length gets reverted back to the 24 hours. If it doesn't respond, then it waits till it gets to the three-hour mark, then tries to communicate with the server, so on and so forth. And basically once it gets to the end, or whatever the predetermined thing within the configuration, basically the IP address is considered not available anymore. The DHCP server then puts it back into its address pool, and away you go.

So the lease length here is a very important thing, because basically this is one of the things that tells the DHCP server what addresses are currently available. "Okay, I gave this one out for 24 hours, I gave this one out for 24 hours, I gave this one out for 24 hours, I gave this one out for 24 hours." If it doesn't hear back from the clients within the appropriate period of time, then that IP address is put back into the pool so that it can be given out to another client.

Now, it becomes interesting. Again, when we talk about, you know, the technology world, it is both science and art. All technology is quirky. All technology is quirky. Even DHCP can be quirky. Even in the 2020s, DHCP, it can be quirky. And so one of the things that you have to think about for lease length is basically how often do you think computers are going to change on your network, right? So let's say you have an old-school office. Let's just say you have an old-school office. Everybody has desktop computers, and they are hardwired into
the network. And so basically those desktop computers only get unplugged from the network essentially when they die, when you have to swap the hard drive or something like that. If you're dealing with that environment, then you probably want a long lease time, because, you know, again, remember, the DHCP client has to communicate with the DHCP server. If something fails there, it can cause problems on the network. And so the longer the lease length is, the less amount of time your clients are going to have to communicate with the DHCP server, the less likely that something is going to get screwed up. So you may want to have a lease length on, you know, an infrastructure where it's all desktop computers, where computers come in very un-often, you may want that to be something like seven days. I would just say like one week. You don't expect the computers to get switched out very often, so that should be fine. You decrease the amount of times the DHCP clients have to communicate with a server, and so you should be good to go.

On the other hand, let's say you have a cafe, right? So you have a cafe, you've got the Wi-Fi signal at a cafe, and you have people that are coming in and out all day long, and they're using your cafe's internet connection to connect to the internet and do whatever they're doing, right? So in a day you may have 300 people or more that come into your environment to connect to the internet. Again, if you have, let's say, a 192.168.1.x network, that will give you a total number of IP addresses of 254.
Let's say you reserve 10 of those IP addresses, 1 through 10, just for your own internal networking infrastructure. That will give you 244 IP addresses usable, and you have 300 people coming into your environment every day that will need to pull an IP address. If this is what's going on, you may just want to take your DHCP lease down to one hour, right? Because basically what's going to happen is you have people come in, they're going to connect to your network, they're going to get, you know, whatever it is that they're getting, they're going to walk out the door. And so their computer, their little device that's pulling an IP address, will not try to communicate with the DHCP server after that hour time period is gone, and so the DHCP server will put their IP address back into the pool so they can give it out to the next person, the next person, the next person, the next person, the next person, the next person, the next person, right?

And so that's one of the things to be thinking about with these lease lengths, is basically how often do you essentially expect the computers to come into and out of the network. An old-school desktop, you know, everybody's hardwired, connected into the network, probably put it up to seven days. It'll make your life easier, fewer glitches. On the other hand, if you have something like a Wi-Fi cafe, you may reduce the lease length just so you can make sure that you flush all of the DHCP addresses through your DHCP server on a regular amount of time so that you don't run out of DHCP addresses.

So that's the basics of a DHCP server, right? You have your scope, you have your reserved addresses, and you have your lease length. One of the things to remember, though, whenever you're dealing with the infrastructure world, is you have different services that interact with each other, and you need to make sure that everybody is communicating with everybody else so that things don't go to hell. This becomes very relevant
with dhcp when you're dealing with dns right domain name system this resolves fully qualified domain names generally host names for the computers on your network to ip addresses well one of the problems that you can have is you know new new techies that are trying to reinvent the wheel one of the things that they'll do sometimes is they'll decide hey i want to separate my dns server from my dhcp server right so let's say they find some cool new dhcp server software or some cool new dns server software and so they say i want to put these on two different boxes here's one of the issues that you can run into right so if you have one box that has your dns and your dhcp right when you have your client computer communicate with that box in order to get that ip address you know 192.168.1.11 let's say one of the things that's going to happen in this resolution process is that that that computer is also going to give the server its host name hi i'm pc1 and so when the dhcp server gives the ip address to pc1 dns is going to create a record that says pc1 is 192.168.1.11 right and so that will be in in the dns record so when you have a different computer on the network that is looking it's trying to figure out who pc1 is it will communicate with the dns server the dns will have the the ip address record for pc1 and then it will say you need to go to 192.168. 
right so all of this when it's on one box and the services are communicating with each other properly works wonderfully now when you're a noob and you're like oh i'm going to build my own why have every server service on one box i'm going to i'm going to radically silo or separate off all of my different services so dhcp will be on one box and dns will be on one box and everything else right one of the problems that you can have is that you need to make sure that these server services are able to communicate with each other or that it doesn't matter if the the computers that are resolving or that are getting the dhcp addresses that it doesn't matter if their host names can resolve because in this system right the computer communicates up with the dhcp server the dhcp server gives the ip address and the dns server is in the dark it's not given any of that information so when pc2 over here tries to resolve the ip address information for pc1 it's going to go to the dns server that is separated now from the dhcp server say hey who is pc1 and the dns server is going to go i don't know why asking me why you asking me i don't know and again then things can go poorly um so this is just one of those things just to keep in your mind when you're thinking about separating off server services and all that think about how these server services communicate with each other and then decide does it really make sense uh to put your dns and your dhcp server on different boxes uh you can have a problem with this like right now like i love pi-holes i love pi-holes and i cannot lie if you have not set up a pi-hole you need to set up a pi-hole anyways what a pi-hole does is it actually acts as a dns server for your local area network but when you try to resolve to nefarious domain names or advertisers domain names it'll it'll basically just sink the dns resolution right so if you're trying to go to a bad site if you're trying to go to a bad site when you go to the dns server the dns 
server will see oh that's bad site and so it'll just resolve to like 0.0.0.0 a crap ip address then when your computer tries to go to that crap ip address it will fail out right because it's a bad thing well that that's one of the things to consider with a pi-hole this is a very good service definitely put a pi-hole on your network but you can configure your pi-hole to be a dns server and you can have it not be the dhcp so you can leave the dhcp service running on your router that you have so you have your router that's connected to your internet and so one of the issues here is that if you start using that pi-hole for dns services but your dhcp services are on your router then if you try to resolve host names internally server file server printer whatever the hell your host names are then you can run into problems so like even with the pi-hole you can configure it it'll do the dns services because that's what it's supposed to do but you can also have the pi-hole do your dhcp services uh also and so that is one of the things that you would configure so generally when you're thinking about it have your dns and your dhcp server be on the same box the same instance whatever the same operating system essentially so that they communicate with each other and if you're if you're having host name ip address resolution problems the reason for this is is most likely the dns and your dhcp server services are not communicating properly now along the lines with the dns and the dhcp being on the same box i do also need to take a second and talk about active directory in the microsoft world so if you deal with an enterprise environment you are going to be dealing with active directory so active directory these are essentially security services for your network that gives you one centralized place in order to administer uh security privileges uh security permissions for your users for your computers you can do all kinds of fancy stuff from one central location in order to 
configure all the security policies for you know ten or hundreds or thousands or hundreds of thousands of different computers it's a great thing but do remember in the microsoft world everything kind of gets wrapped up together right so in order to make sure your active directory network remains secure microsoft really wants you to use microsoft dns services and microsoft dhcp servers and microsoft active directory services so that they can all communicate with each other properly and so that information can be relayed and users and computers can get the access that they should be getting one of the things that i've seen in the past i've seen stupid noob techs stupid noob techs do the stupidest things sometimes you know somebody people will think hey maybe i should make my dhcp server or my dns server i'm going to use a different uh server software than what microsoft provides so when you purchase microsoft server i think it's microsoft server 2019 right now there there's roles called roles roles on it but anyways there there's a there's services that you can install onto that server uh one of them will be a dns and dhcp and active directory also things like routing and remote access these are vpn services right and they all they all really want to be able to communicate with each other and know what the hell is going on so if you're somebody i'm not saying who and you decide to put your uh your dhcp or dns or whatever on an entirely different box you decide to do a pi-hole in a microsoft environment just realize you're probably going to be a sad person you're probably going to be a sad person because the issue is going to be you have to make sure that your dns and dhcp is communicating with active directory that active directory is communicating with dns and dhcp that all this is communicating with all the other services as they should be communicating because if all that communication isn't working properly then the services will generally fail so i don't know 
the tldr is if you're using microsoft for your environment just use the entire microsoft stack if you decide to use other server services again linux server pi-hole whatever else you may run into some very very weird problems very weird problems that are just not worth the time and effort so just use microsoft so the final thing to talk about when we're talking about dhcp servers is the very limited amount of security that they offer do realize that whenever you're building out your infrastructure whenever you're building out your network uh different services on your network have more or less security and basically for the services that have very little security you need to protect them with other services that have more security right when you deal with dhcp basically there is incredibly little security here essentially you connect your computer to the network it needs a dhcp ip address and your dhcp server is simply going to give it to it right that's just that's just how it works again we start getting into active directory and some other things you have some some security policies there but by and large you connect a computer to the network and it will simply get an ip address from the dhcp server this is one of the issues with hackers when if they're able to get into a facility and connect their raspberry pi uh to to their infrastructure somehow basically they walk into an office they see an unused networking port and they plug their raspberry pi into that networking port one of the issues is the dhcp server will readily just give them an ip address 192.168.1.50 let's say and then the hacker that's using that uh that raspberry pi then can use uh nmap you know to do network scanning or can then do something else in order to start trying to compromise uh the devices or the system on the network uh this is a real problem that's why when you're dealing with security we have multiple levels of security and so this is one of the reasons that if you have network 
connections on the walls of your offices only the ones that are currently active should be connected from the patch panel to the switch right that's a form of security if if a hacker comes into your office plugs into a network port that's dead right a layer one issue in the osi model because it's not connected to the switch then they're not able to scan your network they're not able to grab an ip address and they're not able to scan your network and so something to realize with dhcp is that there's just not a lot of security with it one of the things that may be part of your dhcp server is you can do mac address filtering in many dhcp servers mac address filtering again the media access control address this is layer 2 of the osi model this is literally a globally unique ip address you know you know how people are like oh my golly eli eli have you heard you know the the the the shadow government or whatever the lizard people they're going to try to hard code an identifier into every single computer in the world so that it has a unique id can you believe they're trying to do that eli that's like you mean what they did 50 years ago you mean what's actually part of the ethernet standard as it was created in 1973 yeah every networking device in the world has a globally when i say globally i mean planet earth globally unique identifier it's kind of how ethernet works but anyways you have a mac address onto every single nic every single network interface card or network uh port essentially that that the the device would have uh the mac address the first part of the mac address is essentially the vendor id the second part of the mac address is the essentially a serial number for that for that particular uh network card um and so what you can do with dhcp is you can actually do mac address filtering so you can say only provide dhcp uh ip addresses to to uh to computers that have these specific mac addresses uh so that's one of the things that you can do in an 
environment that you want to be simple let's just say semi secure let's just say some it's like semi-secure but you have lots of people coming in and out so again let's say you have a wireless network where you're gonna have a lot of sales people but they're all your sales people this is not an internet cafe you're not going to have guests on the network you just sound you simply have sales people that kind of rotate in and out of the office all the time one of the things you can do is as they come into the office you can grab their their mac address you can then put that into the dhcp server and say okay resolve a given ip address to somebody with this particular mac address and so you could have a mac address filter where you have two or three hundred mac addresses within your dhcp server that says if if a client asks you for an ip address and it has this mac address then provide an ip address to them that is one way you can try to secure your dhcp server and your infrastructure and it's definitely something that you should take a look at if you have again like that semi-secure environment again within this modern world of like remote workers where you have workers and they do come into the office so they're going to be on your internal infrastructure but they're also going to be going home but they're going to be using the the company-owned computer to connect to things then that's the type of thing where you might use a mac address filter just as kind of that additional layer to make sure that you know somebody can't come in with a raspberry pi just connect to your to your wi-fi grab an ip address and start trying to hack your systems so there you go that's the basics of dynamic host configuration protocol dhcp right this is a client server architecture a client comes on the network and says hey i need an ip address and more or less the dhcp server gives it to them again this is one of those things that's so simple it's so easy that when you have a problem a 
lot of new techs will lose their damn minds because a lot of times they don't think about the dhcp server um i've seen this i've seen this where i've gone in i've configured my dhcp server uh settings right you know this is the scope these are the dns servers these are the the the default gateway one of the important things to realize right if you fat finger something if you're if you're supposed to put 192.168.1.1 as the default gateway within the dhcp configurations and you put 1.11 by mistake now every single client that grabs an ip address from your dhcp server is now going to try to route through whatever poor computer is dot 11 instead instead of one uh i've i've done that right the biggest problem with dhcp is essentially when you're configuring the server is literally look at the dhcp panel and then just verify it once verify it twice verify it five times and then hit okay the biggest problems i've had with dhcp are the problems that i've created to be quite honest with you uh beyond that one of the big problems that i've seen in the real world especially with sales people and again you can this is a lived experience for me this is lived experience oh my god sales people if you have not dealt with salespeople in the enterprise world it's just it's just this weird thing you talk about these are people that are not necessarily the sharpest butter knife in the drawer but because of what they do they're told they're so special and smart all the time and so they can make your life a living hell because they do they bring the company a lot of money right they sell stuff when stuff gets sold that's what keeps the company going they're also told how wonderful and special and amazing they are and so you get people that aren't exactly very sharp butter knives who are also told they're amazing who also bring the company a lot of money oh it's just painful sometimes and one of the things that you'll see that the sales people and those types of folks 
will do is they'll go into their network configurations and they will screw around with their network configurations because whatever it is that they're trying to do right they're trying to bypass some kind of security regime right you you install you set up some kind of security regime within your infrastructure to make sure that nobody's looking at porn or doing anything stupid downloading stuff off of limewire or whatever right you do that and then your sales people log into your infrastructure and start fussing with configurations to literally try to get around the security policies that you created and once they do they then break things by by screwing around with the dns settings or whatever else and it can be a bit of a disaster i've seen this again with like network configurations they'll screw with the dns servers in order to try to get around whatever dns security you have proxy servers so proxy servers we'll talk about in another class is essentially you can go through you can go through one server to bounce out through the internet kind of like a vpn kind of like a vpn but without a lot of the security built into it and so a lot of sales people again i'll beat up on sales people because they beat up on me right they'll they'll plug in proxy server information so they can they can basically get around all of your website filtering or whatever that you have and so a lot of times right they'll they'll fuss with all these configurations and it all goes to hell and then you're sitting there trying to figure out why go go in re reset the the ip address configurations on the computer and you should be you should be good to go again do be careful uh with uh with putting multiple dhcp servers on your lan essentially think about the lan as a switch again there's something called vlans anyways don't worry about vlans anything connected to the switch right anything connected to switch more or less make sure there's only one dhcp server if you're going to have more 
than one dhcp server know what the hell you're doing and why because if you have multiple dhcp servers connected to the same lan and they're not configured properly how they should be you can run into lots of problems you can basically have two entirely different ip address schemes being sent out to the different clients again i say with microsoft dhcp servers back in the day if they recognize a different dhcp server on the network and they would just turn themselves off for some reason which was its own idiocy you can run into a lot of problems so again if you're dealing with the microsoft world right microsoft you know really believes in backup services and backup servers so in that world you can have your primary dhcp server and a secondary dhcp server so if one fails it autofit you know the network auto fails over the second one but that's a configuration within the microsoft world you're more or less uh not gonna be dealing with that type of thing again you've got your scope the big the big thing to remember with your scope is is to think about creating a static ip address scheme at the beginning of your your your subnet so again if you have 192.168.1.x i would say reserve dot 1 through dot 20 just allow yourself 20 ip addresses addresses that you can statically configure for servers networking equipment printers that type of thing and then release the rest of the scope to dhcp server again 192.168.1.21 all the way up to 192.168.1.254 and then you can have that entire scope do not put uh basically static ip addresses or addresses that are being used statically within the scope or the dhcp server may actually provide those ip addresses to other computers you get two ip addresses on the network everything kind of goes to hell again we look at reserved addresses generally reserved addresses when you're dealing with dhcp is more more or less kind of like a notebook it tells an administrator what addresses are reserved for what okay 192.168.1.21 is reserved for the 
router 192.168.1.10 is reserved for the active directory server 192.168.1.21 or whatever is reserved for the exchange server but it's more like a notebook it's more it's more like informational purposes and then you as the administrator you look to those reserved addresses and then you go audit your infrastructure and make sure those computers are actually there right because again you think about old infrastructure you may have addresses that got reserved 10 years ago so let's say back in the day you had a cluster you had a cluster of servers because servers weren't very powerful back then so you had five servers to provide one service you had a refresh cycle servers became more powerful so now you have one server in order to provide the same service you may have reserve you may still have reserved in the system those five different ip addresses simply because nobody went in and just took them out of the system right so that's one thing to think about uh then you get down to the the dhcp the the the lease length so the lease is essentially how long an ip address is given to uh to the host computers uh again if you're dealing with a pretty static environment i would say put that at a week every time a client has to talk to a server quirky crap might happen the le the less the they talk the better in general uh and so if they don't have to communicate very often that's good again in a in a cafe that offers you know wi-fi access though you may need to have a very short lease like maybe let's say only an hour you may have some quirky problems but hey you sell coffee not you're not really selling internet service so you just you just ignore the problem again that's what a lot of these companies do nowadays uh hotels internet cafes that type of thing it's not that they don't have problems with their network they just don't care they can do that they can do that we sell coffee and bagels the wi-fi is an additional thing anyway so with them they may want to cut that lease 
length down to an hour just to make sure that they have enough ip addresses that the the dhcp server gets back the ip addresses that it's handed out so it can give to more users do remember with this too is that server services work together they work in tandem many times so dns and dhcp generally should be on the same box if they're not on the same box they should be communicating with each other however you do that particular configuration right because again not only do you want the client to get that ip address but you also want dns to register whatever their host name is so if a different computer on the network needs to be able to access that host it can just resolve the host name to the ip address and go from there if your dhcp and dns are in two entirely different boxes and you have not somehow configured them to communicate you can run into some really weird dns resolution problems so be careful with that the same is true again when you're dealing with a microsoft world again the microsoft world once you have decided on the microsoft stack here's the thing here's the thing there is a huge argument on whether or not you should decide to go with the microsoft stack that's its own argument that is an argument here's what i'm going to tell you once you or your company has decided to use the microsoft stack don't be a smarty pants just use the damn microsoft stack again when you start talking about dhcp dns active directory routing remote access services when you have you have so much stuff that is so tightly interwoven within the microsoft world and so when you decide to start using a pi-hole for your dns services for your 100 person company that uses microsoft active directory um it's not going to go well for you i'm just going to tell you it's not going to go well so the microsoft world again once you've decided to use microsoft or your ceo has decided to use microsoft you just stick with that world so i hope all that makes sense i hope that makes sense 
this is one of those this is one of those classes it it it's it's ended up being a lot longer than i thought it was going to be it was like hey i'm just going to sit there for 20 minutes and explain dhcp and then it's like oh well yeah took a little bit longer than 20 minutes but hopefully now you understand more about dynamic host configuration protocol again it's an incredibly valuable thing honestly it's relatively easy if you don't fat finger and you you you you check and you verify and you make sure what you're doing before you hit the apply button it's a very very very simple service that makes everybody's life a lot easier the problem that you're going to run into though is it's such a simple service people decide to do really stupid things and then your life becomes miserable again that's where i talk about the osi model the seven layers of the osi model and i talk about how using those layers are useful for troubleshooting where a problem is again this is one of those things where you sit there and your salesperson is having a problem connecting with the database server and if you can go through and you can start getting really good at the troubleshooting routines this is just one of those things where it's like okay i i see the green light the green light is blinking or the wi-fi thing is connected so i know they're connected to the network i know everybody else on the local area network everything is communicating fine so i know the server is up and running i have a sales person in front of me so the first thing that i'm gonna do after i've done all that is simply go into network configurations and clear out all the crap they threw in there and then see if the problem is solved right uh that again that that's why things like the osi model are important again it's that whole it's that whole troubleshooting process trying to understand where where you think the problem may be and also understanding why you might be having that type of problem so anyways 
there you go hope that made sense hope it made sense as always i enjoy teaching this class look forward to seeing the next one
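
Added example, not part of the class transcript: a small Python simulation of the cafe scenario described above (192.168.1.x with .1 through .10 held back, 300 visitors a day), comparing a seven-day lease with a one-hour lease. The 12-hour opening day, the 45-minute visit, evenly spaced arrivals, every visitor being a new device, and devices walking out without releasing their lease are assumptions constructed for illustration; renewal at half the lease time is the standard DHCP default (T1).

```python
"""Added example: DHCP pool occupancy versus lease length (constructed scenario)."""
import heapq
from dataclasses import dataclass

MINUTES_PER_DAY = 24 * 60


@dataclass
class Result:
    served: int       # visitors who obtained a lease
    refused: int      # visitors turned away because the pool was empty
    peak_leases: int  # most addresses tied up at any one moment


def usable_pool(first_host=11, last_host=254):
    """Addresses left for DHCP when .1 through .10 are kept for static use."""
    return last_host - first_host + 1


def lease_expiry_after_arrival(lease_min, stay_min):
    """Minutes after arrival at which the server may reuse the address.

    While the device is present it renews at T1 (half the lease time).
    Once it leaves without a release, the last granted lease simply
    runs out on the server side.
    """
    last_ack = 0.0
    while last_ack + lease_min / 2 < stay_min:
        last_ack += lease_min / 2
    return last_ack + lease_min


def simulate(lease_min, pool_size, visitors_per_day=300, days=3,
             open_min=720, stay_min=45):
    """Walk through evenly spaced arrivals and count who gets an address."""
    expiries = []  # min-heap of times at which held leases run out
    served = refused = peak = 0
    gap = open_min / visitors_per_day
    for day in range(days):
        for i in range(visitors_per_day):
            arrive = day * MINUTES_PER_DAY + i * gap
            # The server reclaims every lease that has already expired.
            while expiries and expiries[0] <= arrive:
                heapq.heappop(expiries)
            if len(expiries) >= pool_size:
                refused += 1  # pool exhausted: no address to offer
                continue
            heapq.heappush(
                expiries,
                arrive + lease_expiry_after_arrival(lease_min, stay_min))
            served += 1
            peak = max(peak, len(expiries))
    return Result(served, refused, peak)


if __name__ == "__main__":
    pool = usable_pool()
    for label, lease in (("7 days", 7 * MINUTES_PER_DAY), ("1 hour", 60)):
        print(label, simulate(lease, pool))
```

With the seven-day lease the pool is exhausted partway through the first day and stays exhausted on the following days; with the one-hour lease only a few dozen addresses are ever tied up at once.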