Unauthorized DHCP server detection

Unauthorized DHCP servers can cause real problems in a network by allocating incorrect or conflicting configuration information to clients. For example, an administrator or power user might install and start a DHCP server, unaware that one or more DHCP servers already exist on the network. There was previously nothing to prevent this "rogue" DHCP server from starting. Windows Server 2003 addresses that potential problem.

The Active Directory (AD) stores a list of authorized DHCP servers. When a Windows Server 2003 DHCP server in a domain starts, it attempts to determine whether it is listed as an authorized server in the AD. If it is unable to connect to the AD or does not find itself listed in the AD as an authorized server, it assumes it is unauthorized and the service does not accept DHCP client requests. If the server does find itself in the AD, it begins processing client requests.

Workgroup DHCP servers (standalone servers not belonging to a domain) behave somewhat differently. When a workgroup DHCP server starts, it broadcasts a dhcpinform message. Any domain-based DHCP servers on the network respond with dhcpack and provide the name of the directory domain of which they are a part. If the workgroup DHCP server receives any dhcpack messages from domain DHCP servers, the workgroup server assumes it isn't authorized and does not service client requests. If a workgroup DHCP server detects no other servers or detects only other workgroup DHCP servers, it begins processing client requests. Therefore, workgroup DHCP servers will not operate on a network where domain-based DHCP servers are active, but they can coexist with other workgroup DHCP servers.

Was this article helpful?

0 0


  • robur lightfoot
    What is authorized and unauthorized dhcp?
    7 years ago
  • raul
    Where does ad store dhcp servers?
    7 years ago
  • Max
    What security problem unauthorized dhcp server and dhcp client can cause?
    7 years ago
  • herugar
    What kind of security problems can an unauthorized dhcp server and dhcp client cause?
    7 years ago

Post a comment