Just a little background: I'm a fairly young I.T. tech working in a school and have only been working as a technician for a few years, so I would still consider myself a "newbie".

Anyway, my boss recently (Friday) increased our DHCP scope and also increased the lease time to 1 year.

Now, for some reason increasing to a year seems wrong, although I can't put my finger on why. There isn't any real chance of us running out of IPs, and I know it's considered best to have your lease time as long as possible without running out of IPs, but a year is ringing alarm bells with me.

EDIT-Additional Info:

The school's pretty up to date: gig switches, fibre to cabinets, 800 PCs, 1800 users. I will say this: I may have only been working in the industry for 4 years, and my first job was basically fixing printers and headsets in a call centre, but I've been here 2 years now and, I probably shouldn't say this, but I really don't like my boss's "style". His reasoning behind it is it's a good idea ....... seriously, that's all I could get out of him. It's not anything to do with our monitoring software or anything like that.


Just wanted to say thanks to everyone who replied and for making my first Server Fault question a great experience.

  • That does seem a little silly. Did your boss provide the rationale behind his/her decision to set the lease time to one year? – joeqwerty Aug 06 '12 at 13:07
  • My (and **many** other SAs) rule of thumb is 1-2 weeks unless you have a *really awesome* reason for anything else. – Chris S Aug 06 '12 at 13:40
  • If I had to guess (and that's all I can do at this point), your boss is probably solving a problem "the wrong way"... for instance he may want to track/ACL certain users' activity by keeping addresses semi-static – Mike Pennington Aug 06 '12 at 13:49
  • I've seen it go the other way (5-minute leases), and it was absolute pandemonium. A lease between 1 day and two weeks should be adequate for about four-9's of the population. – gWaldo Aug 06 '12 at 15:33
  • There may be legal reasons to do this, specifically for content filtering software and tracking browsing history by IP. – KJ-SRS Aug 06 '12 at 19:48
  • Don't forget to make an answer as accepted once you have the information you are looking for, otherwise edit your question to add more detail. – Brent Pabst Aug 06 '12 at 21:42



Technically there is nothing wrong with this lease time, especially if in the school the computers and devices on the network rarely change. However, the general rule of thumb is that your leases should be long enough to reduce network bandwidth and server load in the event that you have a large number of devices that could potentially need leases.

So technically, no, there is nothing wrong with this; the system is designed to support it. But from a usability and maintenance viewpoint it may get to be confusing and hard to maintain if you have to eventually go in and kill old leases when machines come or go, especially if you want to make any network changes within a year as well.

In the past I have typically stuck to lease times of about a day but no more than a week. It really isn't that much load and a properly loaded DHCP server or servers should be able to handle that load just fine.

Brent Pabst
  • Agree: The load caused by DHCP is absolutely minimal. Any system that reboots (or reconnects) is going to talk to the DHCP server anyway. In general it makes no sense to set the lease-time any longer than 2-3 times the average uptime of the clients. (Or 2-3 times the average online time if they go on/off the LAN often, like laptops.) – Tonny Aug 06 '12 at 13:28
  • Most of your answer is spot-on, but I honestly don't think bandwidth and server load are realistic concerns. Compared to the rest of the traffic on a network, DHCP traffic is a tiny, tiny percentage, and even the most modest hardware would be able to serve thousands of simultaneous DHCP requests. – EEAA Aug 06 '12 at 13:28
  • @ErikA Agreed, just not sure how old his system is, especially since it's a school. If it's a university, bandwidth is usually a concern due to the amount of concurrent downloads. Either way, just wanted to lay it all out. – Brent Pabst Aug 06 '12 at 13:30
  • Bandwidth is not a concern, and we are planning to replace all staff PCs over the next 12-24 months depending on budgets – Le_Quack Aug 06 '12 at 15:22
  • If you are planning to replace computers I would lower that lease time as soon as possible and potentially void the current leases. – Brent Pabst Aug 06 '12 at 15:30
  • It won't be happening unless the boss is onboard with it as it's not one of my "things" that's why I asked the question hoping there was a solid reason for it being a bad idea. – Le_Quack Aug 06 '12 at 15:48
  • @Le_Quack I hear you. Only thing I can offer is potential network problems down the road when you have to manually release leases that are hanging around even though the computers were destroyed months earlier. Good luck! – Brent Pabst Aug 06 '12 at 16:08
  • @BrentPabst If you have enough IP addresses there is no reason to manually expire leases. – kasperd Nov 17 '18 at 22:51

Hanging on to IPs so long, there is a risk as devices move through your system. Anything extra that comes in now has a very long hold on your network. Mostly it should just be your own devices, but things happen: exceptions are granted for presenter laptops, mistakes are made, faculty/students sneak their own equipment in, etc. It would be easy to accidentally fill up your DHCP scope, and that can cause all kinds of weirdness. More than that, what happens when it's time to retire the DHCP server? You'll have a school full of IPs that won't automatically expire for months. A machine that's left running won't even check that it's still okay to keep using its ancient address. In the meantime the replacement server will have a hard time handing out valid addresses, because it doesn't know who's still holding onto what.

Network services like DHCP have default options for a reason. Anytime you override the default, you should have a good reason to do so. What is the design goal here? If you just want a stable IP pool, my experience is that 10 days or so is more than long enough. The DHCP protocol specifies that clients ask for, and servers can be configured to grant (if possible), the same IP they had previously. This is the default for Microsoft's DHCP service. Thus, relatively short lease times can still yield stable addresses. Even the default 8 days on Microsoft's server is pretty stable. At a school, there might be some concern with equipment going mainly unused over the summer, but even then, use that as your measuring stick and go for something more like 90 days... and even that seems like a stretch. It would be better to ask yourself if you really need that stability between the Spring and Fall terms.

Of course, I'm making a leap here that stable IPs are the goal of the decision. Until we know the goal and constraints, we can't really evaluate the method used to reach it. But color me skeptical.

Joel Coel
  • "At a school, there might be some concern with equipment going mainly unused over the summer, but even then, use that as a your measuring stick and go for something more like 90." - even then, wouldn't you just remember that one of the points of DHCP is that it handles worrying about that sort of thing so that you don't have to, then go back to relaxing with a refreshing cup of $beverage_of_choice – Rob Moir Aug 06 '12 at 13:42
  • @DJPon3 presuming they want stable IPs. This is common at schools where students may sit at most machines and there are strict monitoring requirements. – Joel Coel Aug 06 '12 at 14:21
  • I work in a college environment myself, which admittedly isn't exactly the same as a school... but at no time during the consideration of this sort of problem would the phrase "let's use 1 year long DHCP leases" cross my lips. Technically it might work but it's never going to be the best solution to any problem, we both know that. We're using 8 day leases with zero problems. – Rob Moir Aug 06 '12 at 14:28
  • @JoelCoel If they really want stable IPs w/ DHCP, then they need a reservation, not a year long lease. – MDMarra Aug 06 '12 at 14:30
  • I agree 1 year leases are horrible for this; my answer lists two reasons why. But I think that's what is going on here anyway. – Joel Coel Aug 06 '12 at 14:49
  • Reservations on the scale of an entire school would be horrible to manage. That's not really a good solution either. – Joel Coel Aug 06 '12 at 14:56
  • Agreed. It might *Suck Less* though. – Rob Moir Aug 06 '12 at 14:58
  • Reservations would have probably been my suggestion if there was a reason for it. – Le_Quack Aug 06 '12 at 15:28
  • @Le_Quack Reading your edit, I can definitely say it's not "a good idea", and you can use the reasons in this answer (ip exhaustion, inability to smoothly replace dhcp server), plus the exhaustion exploit in hopelessNoob's answer as reasons why. – Joel Coel Aug 06 '12 at 15:47
  • _"More than that, what happens when it's time to retire the dhcp server? You'll have a school full of IPs that won't automatically expire for months. A machine that's left running won't even check that it's still okay to keep using it's ancient address."_ ^^ This! – abstrask Aug 08 '12 at 07:48
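
A rough capacity model for the two risks raised in the answer above (transient devices filling the scope, and running clients not contacting the server for months), as an added example that is not part of the original answer or its comments. The T1/T2 fractions are the RFC 2131 defaults; the scope size and the number of transient devices per day used with it are assumed values, while the 800 PCs come from the question.

```python
from dataclasses import dataclass
from typing import Optional

# RFC 2131 defaults: a client first tries to renew at T1 = 50% of the lease
# and starts rebinding (broadcasting to any server) at T2 = 87.5%.
T1_FRACTION = 0.5
T2_FRACTION = 0.875


@dataclass
class Scope:
    size: int               # usable addresses in the scope (assumed value)
    stable_devices: int     # machines that are always on the network
    transient_per_day: int  # new, never-returning devices per day (assumed)


def renewal_timers(lease_days: float) -> tuple:
    """Days until a running client first renews (T1) and rebinds (T2)."""
    return lease_days * T1_FRACTION, lease_days * T2_FRACTION


def days_until_full(scope: Scope, lease_days: int, horizon: int = 3650) -> Optional[int]:
    """First day on which the day's new devices find too few free addresses.

    A transient device keeps its address until the lease expires, so the scope
    holds the stable devices plus every transient lease from the last
    `lease_days` days. Returns None if the scope never fills within `horizon`.
    """
    expiring = {}          # day -> transient leases that expire on that day
    active_transient = 0
    for day in range(1, horizon + 1):
        active_transient -= expiring.pop(day, 0)
        free = scope.size - scope.stable_devices - active_transient
        if free < scope.transient_per_day:
            return day
        active_transient += scope.transient_per_day
        expiring[day + lease_days] = scope.transient_per_day
    return None


if __name__ == "__main__":
    # Assumed: a /22 scope (1022 usable), 800 PCs, 3 stray devices per day.
    school = Scope(size=1022, stable_devices=800, transient_per_day=3)
    for lease in (8, 30, 365):
        t1, t2 = renewal_timers(lease)
        print(f"{lease:>3}-day lease: T1={t1} d, T2={t2} d, "
              f"scope full on day {days_until_full(school, lease)}")
```

With these assumed numbers the 8-day and 30-day leases reach a steady state well below the scope size, while the 1-year lease fills the scope in the third month and a machine left running does not contact the server for about half a year.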

Would your boss be amused if you scripted a bunch of VMs (or even physical machines) to change their MAC address, reconnect to the network and repeat the process every ~30 seconds indefinitely?

That's the first idea that comes to my mind when I hear something ridiculous like a 1 year DHCP lease. And if it occurred to my deranged mind to exploit your boss' stupid policy thusly, other deranged minds will probably have the same thought if they notice the lease time. [Sarcasm] But wait, you work at a school, so there's probably very little risk that some kid with more smarts than judgement would pull a stunt like that... [/sarcasm.]

While there's nothing that says this is technically wrong, you may as well run around and set the swap file size to 100 GB on all your 32 bit machines while you're at it. No reason to just waste IP addresses and set yourself up for a network headache when you can accomplish the same thing at a machine level too. :/

  • LOL I can see a student doing something like this if they had the chance. We get the never-ending loop script at least a couple of times a year – Le_Quack Aug 06 '12 at 15:27
  • I really don't see how this deranged idea is relevant. Even if lease time was one week or even one day, the same student could easily consume all the IPs in the scope using such a method to create downtime. The resolution would be the same in both cases - blow away the bad leases. A longer lease time really has no bearing on this. – Paul Ackerman Aug 07 '12 at 22:56
  • @PaulAckerman Other than highlighting the major downsides of issuing a 1 year lease on IP addresses, and even inviting or encouraging a certain kind of mind to point it out to everyone by abusing it in such a manner? – HopelessN00b Aug 08 '12 at 02:04
  • @HopelessN00b I just don't see how it invites or encourages this behavior when you can do the same thing regardless of the lease time. It's like saying you left your door unlocked so I can TP your house. The attack has nothing to do with the problem. If he's trying to convince his boss why a 1 year lease is stupid, this is not a compelling argument. – Paul Ackerman Aug 08 '12 at 13:10
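
On the defensive side of the scenario discussed in this answer and its comments, one way to notice a scope being filled by a stream of never-before-seen MAC addresses, whatever the lease time, is to count first-seen clients per time window. This is an added example, not part of the original answer or comments; the `(timestamp, MAC, IP)` grant records, the 10-minute window and the threshold of 10 are assumptions, and the sample data is constructed.

```python
from collections import deque
from datetime import datetime, timedelta


def first_seen_bursts(grants, window=timedelta(minutes=10), threshold=10):
    """Return the timestamps at which more than `threshold` never-before-seen
    MACs had been granted leases within the preceding `window`."""
    seen = set()
    recent = deque()   # grant times of first-seen MACs still inside the window
    alerts = []
    for ts, mac, _ip in sorted(grants):
        mac = mac.lower()
        if mac in seen:
            continue   # renewals and returning clients do not consume new leases
        seen.add(mac)
        recent.append(ts)
        while ts - recent[0] > window:
            recent.popleft()
        if len(recent) > threshold:
            alerts.append(ts)
    return alerts


def constructed_sample():
    """Constructed data: 5 ordinary clients, their renewals, then 30 new
    MACs appearing 30 seconds apart."""
    start = datetime(2012, 8, 6, 8, 0)
    normal = [(start + timedelta(minutes=i), f"00:11:22:33:44:{i:02x}",
               f"10.0.0.{10 + i}") for i in range(5)]
    renewals = [(ts + timedelta(minutes=30), mac, ip) for ts, mac, ip in normal]
    burst_start = datetime(2012, 8, 6, 9, 0)
    burst = [(burst_start + timedelta(seconds=30 * i), f"02:00:00:00:01:{i:02x}",
              f"10.0.1.{i + 1}") for i in range(30)]
    return normal + renewals + burst


if __name__ == "__main__":
    alerts = first_seen_bursts(constructed_sample())
    print(f"{len(alerts)} alerts, first at {alerts[0]}")
```

A threshold like this needs tuning against normal start-of-day behaviour, when many known machines boot at once; those are returning MACs and are skipped here only after they have been seen once.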

When I managed a school network, I wanted stable addresses (which I assume is what your boss is aiming at), but rather than setting a long lease time, I just used static assignments (DHCP reservations). Every PC had to be provisioned when it was initially bought, so at that time its MAC address was registered and it got a fixed IP address based on its use and location.

Paul Gear