DHCP addressing vs Static addressing for Servers

Question

I'm having a "lively" debate with a work associate about the reasons for or against using DHCP on servers in a network environment. The network environment in particular is a relatively small network, but in my experience it's always better to have servers on static addresses, especially for things like remote management, etc.

I looked, and could find any specific reasons for or against dynamic addresses assigned on servers so I figured I'd ask the crowd here.

My work associate argues for DHCP assigned server addresses for ease of management, and states if the addresses ever change you don't have to change the server IP manually. I'm dubious about this response.

For management purposes, this network being small, it's no big deal to change the IP of static devices since there's so few.

Any suggestions, ideas or comments?

See [this recent question](http://serverfault.com/questions/198684/force-linux-servers-to-automatically-try-to-get-an-ip-address-if-they-lose-it). — Steven Monday, Nov 07 '10 at 15:15
Do I work at special places since my servers dont change IP adresses? — pauska, Nov 07 '10 at 17:12
possible duplicate of [DHCP or static addressing?](http://serverfault.com/questions/107317/dhcp-or-static-addressing) — John Gardeniers, Nov 07 '10 at 22:45

score 6 · Answer 1 · answered Nov 07 '10 at 16:26

While there are some server functions that must have locally defined IPs, I'm a huge fan of using DHCP for server addresses.

First, as others have noted, you can (and should) use DHCP to serve up static addresses. Assuming Linux, you want this in your dhcpd.conf:

host server {
        option host-name "server.example.com";
        hardware ethernet  xx:xx:xx:xx:xx:xx;
        fixed-address server.example.com;
}

And in your DNS zone file, assign an IP to server.example.com.

Pros:

The DNS zone file is now the 'one source of truth' for all IP assignments. Makes it easy to look for errors (duplicate IPs, typos), and ensures that everyone can find the server's IP address without error
Changes to network infrastructure can be propagated easily. Rolling out a backup DNS server? Just add it to the DHCP config file, and all systems will pick it up as they renew their leases.
Changes to the machine's IP and the machine's DNS entry can't, by definition, get out of sync. Moving a machine to a new subnet? Change the IP in exactly one place, and you're all set.

Cons:

You've added a significant point of failure. Mitigate that with backup DHCP server. Long lease times can also help.
Spanning tree learning mode blocks DHCP requests, which can significantly lengthen machine boot times, and even cause DHCP timeouts. Use portfast to turn off spanning tree on select ports. Good idea for workstation, too, by the way.

You forgot one major con: Network control. Rogue DHCP servers will eat that setup. — pauska, Nov 07 '10 at 17:07
If someone can run a rogue DHCP server on your network, what makes you think that the can't come up with a half-dozen other ways to cause problems? — Zoredache, Nov 07 '10 at 23:05
So why not eliminate the risk altogether? It's one less thing you need to worry about, and on a small network static addresses aren't going to be the big of a nuisance. — Dan, Nov 08 '10 at 16:27

Sam Halicke · Answer 2 · 2010-11-08T01:05:02.280

Why hasn't the combination of something like cfengine or puppet and static IP addresses been brought up? From a bird's-eye view, it's the best of both -- centralized configuration without the loss of a critical-path service to worry about. Does it provide a central way to screw things up? Yes, but so does DHCP.

In larger installations where I have worked, this was all accomplished with a combination of managed kickstarts and cfengine...and it worked beautifully. Additionally, most if not all VPS providers use a provisioning tool that calculates IP addresses and sets them statically in the created instance as well -- another example of configuration management + static IP addresses.

For a sufficiently large installation you should be using configuration management and close to fully automated deployment as-is, not to mention change control procedures that would have these procedures spelled out (ideally).

+1. Totally agree. If you want centralized configuration management, use the tools best suited for it. DHCP should not be used as an ersatz tool for config management. — Steven Monday, Nov 07 '10 at 20:48

score 4 · Answer 3 · answered Nov 07 '10 at 16:02

The biggest issue I see with DHCP being used for servers is that if, for some reason, the DHCP service ever goes down your servers can lose their IP addresses. In addition to that, there's also the security risk of being able to Man-In-The-Middle the servers by controlling their DHCP leases (which controls the default gateway). And, as other posters have said, some servers/services require static IP addresses (domain controllers are a prime example).

Rob Moir · Answer 4 · 2010-11-07T18:02:19.927

I don't agree with the idea of using DHCP for servers - though on very large networks I can imagine this might blur a little - but its a matter of preference rather than a hard and fast thing imho - you can reserve addresses for servers etc (though if you do that then why not just make 'em static which brings me back to why I don't agree with it...).

I think a few server applications either require static IP addresses explicitly, or don't behave at all nicely if their address does happen to change. For me those tend to point hard to it being a bad idea.

score 1 · Answer 5 · answered Oct 11 '14 at 04:08

You want to use STATIC ip addresses with servers that require public to private IP translations. For instance, an email or website server sitting behind a firewall that should be accessible from the internet. Anything that is providing domain services should also use STATIC. Most anything else can use DHCP but use with caution as it has its potential pitfalls as others have mentioned.

score 0 · Answer 6 · answered Nov 07 '10 at 15:29

0

You need to use DHCP reservation to reserve the assigned IPs for the servers and avoid assigning their IPs to other PCs.

answered Nov 07 '10 at 15:29

Khaled

35,688
8
69
98

Well that would certainly work but by the time you've done this what are the savings over static addresses? – Rob Moir Nov 07 '10 at 18:03
@Robert Moir, With a reservation properly set, your system will get the same address if the machine is reinstalled for some reason. (i.e. HD failure, OS corruption, etc) – Zoredache Nov 07 '10 at 23:07
@zoredache - I know that, but I still don't see the benefits to be honest, at least not in most areas. I think this is one of those religious things, in fact I'm going to vote to close as subjective... – Rob Moir Nov 07 '10 at 23:57

score 0 · Answer 7 · answered Nov 07 '10 at 15:43

0

You can get get best of both approaches: use DHCP for everything reserving a range for the workstations and fixing an IP to each server MAC address.

answered Nov 07 '10 at 15:43

Paulo Scardine

153
1
9

DHCP addressing vs Static addressing for Servers

7 Answers7

Linked