DHCP authorize
Goldmember
Member Posts: 277
What is the benefit of authorizing DHCP servers?
In the MS press book it mentions that if you have two or more DHCP servers and one of them is authorized, the non-authorized will stop providing addresses.
What if all your DHCP servers are non-authorized???
What is the benefit of having authorized DHCP servers?
Thanks in advance
In the MS press book it mentions that if you have two or more DHCP servers and one of them is authorized, the non-authorized will stop providing addresses.
What if all your DHCP servers are non-authorized???
What is the benefit of having authorized DHCP servers?
Thanks in advance
CCNA, A+. MCP(70-270. 70-290), Dell SoftSkills
Comments
-
royal Member Posts: 3,352 ■■■■□□□□□□If I remember correctly, if you have a non-authorized DHCP server, if it's Windows Server 2003, if it detects another authorized DHCP server is handing out IP Addresses, it will halt handing out IPs. So authorizing a DHCP server allows it to authoritatively hand out IP Addresses. Of course you could run a VM, have your own domain, authorize your DHCP server, have that VM bridged to the external network, and have it hand out IPs as a rogue DHCP server, but that's a no-no.“For success, attitude is equally as important as ability.” - Harry F. Banks
-
Goldmember Member Posts: 277Thanks for the tip.
I did some research and it also helps with security. If you have a list of authorized servers, then only servers in the domain can dole out IP addresses. If the servers are all stand alone DHCP I guess security doesn't matter as much.
What if somebody joins your domain with Windows machine and tries to become DHCP server? You can stop him by using authorized DHCP servers.
I'm not sure how this would help if somebody with a Linux box decides to become a DHCP server on your Windows network. I think the Linux box might decide who gets what, depending on who responds to the client request for address first.
That would be a good way to spoof somebody.CCNA, A+. MCP(70-270. 70-290), Dell SoftSkills -
dynamik Banned Posts: 12,312 ■■■■■■■■■□This technet article covers DHCP authorization pretty well: http://technet2.microsoft.com/windowsserver/en/library/9a4157c4-3c2f-4871-9ffe-7d405781f2cf1033.mspx?mfr=true
-
sprkymrk Member Posts: 4,884 ■■■□□□□□□□As far as security, you're right - it only stops other Windows machines from handing out IP addresses. If someone throws a DLINK cable router (or anything else that can hand out IP's) you're still going to have a mess.All things are possible, only believe.
-
Mishra Member Posts: 2,468 ■■■■□□□□□□Does anyone know how much, if any, DHCP traffic you get on your outside interface?
-
sprkymrk Member Posts: 4,884 ■■■□□□□□□□Shouldn't get any as far as I know. Unless of course you're on a dynamic assignment from your ISP maybe. By default the routers won't pass DHCP (or any) broadcasts.All things are possible, only believe.
-
Mishra Member Posts: 2,468 ■■■■□□□□□□sprkymrk wrote:Shouldn't get any as far as I know. Unless of course you're on a dynamic assignment from your ISP maybe. By default the routers won't pass DHCP (or any) broadcasts.
Yeah they shouldn't, but I was just wondering if sometimes they trickle down maybe due to some DHCP hacking.