How to Configure a High Availability DHCP Server in 2026

Introduction

The DHCP protocol remains central to modern network infrastructures. In 2026, enterprise environments demand high availability, fine-grained segmentation, and dynamic DNS integration. This tutorial guides you through deploying ISC DHCP in active-passive failover mode with advanced conditional classes. You will learn to avoid address conflicts, secure leases, and monitor performance. Each configuration is provided complete and tested for a production environment.

Prerequisites

  • Two Linux servers (Ubuntu 24.04 or Debian 12)
  • Advanced knowledge of IP networking and TCP/IP
  • Root access and familiarity with systemd
  • isc-dhcp-server package installed
  • Access to a BIND or PowerDNS server

Installation and Server Preparation

terminal
sudo apt update && sudo apt install isc-dhcp-server -y
sudo systemctl stop isc-dhcp-server
sudo mv /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.bak

Install the ISC DHCP server on both nodes. Back up the default configuration before making any changes.

Primary dhcpd.conf Configuration

/etc/dhcp/dhcpd.conf
authoritative;

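failover peer "dhcp-failover" {
  primary;
  address 10.0.0.10;
  port 519;
  peer address 10.0.0.11;
  peer port 519;
  max-response-delay 30;
  max-unacked-updates 10;
  # mclt and split are mandatory on the primary and must not appear on the
  # secondary. 3600 and 128 are commonly used values; tune them for your site.
  mclt 3600;
  split 128;
  load balance max seconds 3;
}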

subnet 10.0.0.0 netmask 255.255.255.0 {
  option routers 10.0.0.1;
  option domain-name-servers 10.0.0.53;
  pool {
    failover peer "dhcp-failover";
    range 10.0.0.100 10.0.0.200;
  }
}

Configure primary failover mode with synchronization parameters. The pool defines the address range managed in high availability.

Secondary Server Configuration

/etc/dhcp/dhcpd.conf
authoritative;

failover peer "dhcp-failover" {
  secondary;
  address 10.0.0.11;
  port 519;
  peer address 10.0.0.10;
  peer port 519;
  max-response-delay 30;
  max-unacked-updates 10;
  load balance max seconds 3;
}

subnet 10.0.0.0 netmask 255.255.255.0 {
  option routers 10.0.0.1;
  option domain-name-servers 10.0.0.53;
  pool {
    failover peer "dhcp-failover";
    range 10.0.0.100 10.0.0.200;
  }
}

Identical configuration but in secondary mode. Server IP addresses are swapped to establish the failover relationship.

Adding Advanced Conditional Classes

/etc/dhcp/dhcpd.conf
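class "voip-phones" {
  # Compare the first 5 bytes of option 60: an 8-byte substring can never
  # equal the 5-character string "Cisco".
  match if substring(option vendor-class-identifier, 0, 5) = "Cisco";
}

# Subclass entries are only looked up for classes declared with
# "match <expression>;", so with "match if" this line has no effect.
subclass "voip-phones" "Cisco IP Phone";

# A pool must sit inside a subnet or shared-network declaration.
# The /24 mask is an assumption; use the mask of your voice VLAN.
subnet 10.0.10.0 netmask 255.255.255.0 {
  pool {
    # Without the peer reference both servers would lease this range independently.
    failover peer "dhcp-failover";
    allow members of "voip-phones";
    range 10.0.10.50 10.0.10.100;
    option tftp-server-name "10.0.10.5";
  }
}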

Use classes to segment clients by vendor identifier. This assigns specific ranges and options to VoIP phones.

Service Activation and Verification

terminal
sudo dhcpd -t -cf /etc/dhcp/dhcpd.conf
sudo systemctl enable isc-dhcp-server
sudo systemctl start isc-dhcp-server
journalctl -u isc-dhcp-server -f

Run dhcpd -t first: it verifies the configuration syntax before the service is actually started. Then enable and start the service and follow its log.

Best Practices

  • Always enable authoritative mode on production servers
  • Configure short response delays for rapid failover
  • Use classes and subclasses to segment clients
  • Monitor logs with journalctl and export metrics to Prometheus
  • Regularly back up lease files

Common Errors to Avoid

  • Forgetting to synchronize clocks between failover servers
  • Defining overlapping ranges across multiple pools
  • Neglecting firewall rules on ports 67/68 and 519
  • Using static MAC addresses without declaring them in host declarations
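
The overlapping-range error listed above can be caught before deployment. The following checker is an added example, not part of the original tutorial: it scans a dhcpd.conf for IPv4 range statements and reports every pair that hands out the same addresses. SAMPLE_CONF is constructed for the demonstration, and the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample: the tutorial's HA pool plus a second pool that collides with it.
SAMPLE_CONF = """
subnet 10.0.0.0 netmask 255.255.255.0 {
  pool {
    failover peer "dhcp-failover";
    range 10.0.0.100 10.0.0.200;
  }
  pool {
    range 10.0.0.180 10.0.0.220;  # collides with .180-.200 above
  }
}
subnet 10.0.10.0 netmask 255.255.255.0 {
  pool { range 10.0.10.50 10.0.10.100; }
}
"""

# "range [dynamic-bootp] low [high];" (range6 and option names are not matched)
RANGE_RE = re.compile(r"(?<![\w-])range\s+(?:dynamic-bootp\s+)?([\d.]+)(?:\s+([\d.]+))?\s*;")

def parse_ranges(conf_text):
    """Return sorted (first, last, line_no) tuples, one per IPv4 range statement."""
    text = re.sub(r"#[^\n]*", "", conf_text)  # drop comments, keep line breaks
    ranges = []
    for m in RANGE_RE.finditer(text):
        first = ipaddress.IPv4Address(m.group(1))
        last = ipaddress.IPv4Address(m.group(2) or m.group(1))  # single-address range
        if last < first:
            raise ValueError(f"range end precedes start: {m.group(0)}")
        line_no = text.count("\n", 0, m.start(1)) + 1  # counted from start of text
        ranges.append((first, last, line_no))
    return sorted(ranges)

def find_overlaps(conf_text):
    """Return (line_a, line_b, first_shared, last_shared) for each overlapping pair."""
    ranges = parse_ranges(conf_text)
    overlaps = []
    for i, (a_first, a_last, a_line) in enumerate(ranges):
        for b_first, b_last, b_line in ranges[i + 1:]:
            if b_first > a_last:
                break  # sorted by start address: later ranges cannot overlap either
            overlaps.append((a_line, b_line, b_first, min(a_last, b_last)))
    return overlaps

if __name__ == "__main__":
    for a, b, lo, hi in find_overlaps(SAMPLE_CONF):
        print(f"lines {a} and {b} both hand out {lo} - {hi}")
```

Run it against the configuration of both failover nodes; include files are not followed, so check each included file as well.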
