DHCP authorize

GoldmemberGoldmember Member Posts: 277
What is the benefit of authorizing DHCP servers?

In the MS press book it mentions that if you have two or more DHCP servers and one of them is authorized, the non-authorized will stop providing addresses.

What if all your DHCP servers are non-authorized???

What is the benefit of having authorized DHCP servers?

Thanks in advance
CCNA, A+. MCP(70-270. 70-290), Dell SoftSkills

Comments

  • royalroyal Member Posts: 3,353
    If I remember correctly, if you have a non-authorized DHCP server, if it's Windows Server 2003, if it detects another authorized DHCP server is handing out IP Addresses, it will halt handing out IPs. So authorizing a DHCP server allows it to authoritatively hand out IP Addresses. Of course you could run a VM, have your own domain, authorize your DHCP server, have that VM bridged to the external network, and have it hand out IPs as a rogue DHCP server, but that's a no-no.
    “For success, attitude is equally as important as ability.” - Harry F. Banks
  • GoldmemberGoldmember Member Posts: 277
    Thanks for the tip.

    I did some research and it also helps with security. If you have a list of authorized servers, then only servers in the domain can dole out IP addresses. If the servers are all stand alone DHCP I guess security doesn't matter as much.


    What if somebody joins your domain with Windows machine and tries to become DHCP server? You can stop him by using authorized DHCP servers.

    I'm not sure how this would help if somebody with a Linux box decides to become a DHCP server on your Windows network. I think the Linux box might decide who gets what, depending on who responds to the client request for address first.

    That would be a good way to spoof somebody.
    CCNA, A+. MCP(70-270. 70-290), Dell SoftSkills
  • dynamikdynamik Banned Posts: 12,314 ■■■■■■■■□□
  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    As far as security, you're right - it only stops other Windows machines from handing out IP addresses. If someone throws a DLINK cable router (or anything else that can hand out IP's) you're still going to have a mess.
    All things are possible, only believe.
  • MishraMishra Member Posts: 2,468 ■■■■□□□□□□
    Does anyone know how much, if any, DHCP traffic you get on your outside interface?
    My blog http://www.calegp.com

    You may learn something!
  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    Shouldn't get any as far as I know. Unless of course you're on a dynamic assignment from your ISP maybe. By default the routers won't pass DHCP (or any) broadcasts.
    All things are possible, only believe.
  • MishraMishra Member Posts: 2,468 ■■■■□□□□□□
    sprkymrk wrote:
    Shouldn't get any as far as I know. Unless of course you're on a dynamic assignment from your ISP maybe. By default the routers won't pass DHCP (or any) broadcasts.

    Yeah they shouldn't, but I was just wondering if sometimes they trickle down maybe due to some DHCP hacking.
    My blog http://www.calegp.com

    You may learn something!
Sign In or Register to comment.