Richard Bucker

Static or DHCP

Posted at — Apr 29, 2020

The question on inquiring minds is whether it’s advantageous to deploy systems and services by assigning static IPs to each host, using DHCP, using DHCP with long/static leases, or using some combination. Each choice has its own advantages and disadvantages, such that making the choice may be purely subjective. It may also depend on the number of hostnames/IPs as well as the reliability, topology and trust of the network.

But which is better?

In my lab I have both wired and wireless networks. Managed and unmanaged switches. Multiple WAN services. Streaming audio and video. Remote database connections with bulk ETL data transfers. Desktops, laptops, tablets, eBooks. Docker, Docker Swarm, VMware… amounting to hundreds of hostnames.

DHCP’s strength is also its weakness. While deploying a new network, all the new machines will be assigned clean IPs and the DNS proxy will also have clean data. But when replacing an existing DHCP server with a combination of static and dynamic leases, there is potential for IP re-assignment and DNS collision. Also, since static DHCP is as much a product of the client configuration and the lease timeout, more of the same may happen.
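One way to check a planned cutover for the IP re-assignment and DNS collisions described above, as an added example that is not the author's own tooling. It assumes the old server's leases are in dnsmasq's lease-file layout (expiry, MAC, IP, hostname, client-id); the sample leases, reservation plan and pool range are constructed.

```python
import ipaddress

# Constructed sample: old server's leases, dnsmasq-style (expiry mac ip hostname client-id)
OLD_LEASES = """\
1588200000 aa:bb:cc:00:00:01 192.168.1.50 nas01 *
1588203600 aa:bb:cc:00:00:02 192.168.1.120 laptop7 *
1588207200 aa:bb:cc:00:00:03 192.168.1.121 tablet2 *
"""
# Constructed plan for the new server: (mac, ip, hostname) reservations
PLANNED_STATIC = [
    ("aa:bb:cc:00:00:01", "192.168.1.50", "nas01"),     # same host keeps its IP
    ("aa:bb:cc:00:00:09", "192.168.1.120", "printer"),  # IP still held by laptop7
    ("aa:bb:cc:00:00:0a", "192.168.1.60", "tablet2"),   # name registered to another MAC
    ("aa:bb:cc:00:00:0b", "192.168.1.150", "cam1"),     # inside the new dynamic pool
]
NEW_POOL = ("192.168.1.100", "192.168.1.199")  # assumed dynamic range on the new server

def parse_leases(text):
    """Yield (mac, ip, hostname) from dnsmasq-style lease lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4:
            yield parts[1].lower(), parts[2], parts[3].lower()

def audit(leases_text, planned, pool):
    """Return (kind, subject, planned_mac, conflicting_mac) findings."""
    lo, hi = (ipaddress.ip_address(p) for p in pool)
    ip_owner, name_owner = {}, {}
    for mac, ip, name in parse_leases(leases_text):
        ip_owner[ip] = mac
        if name != "*":              # "*" means the client sent no hostname
            name_owner[name] = mac
    findings, seen_ip = [], {}
    for mac, ip, name in planned:
        mac, name = mac.lower(), name.lower()
        if ip_owner.get(ip, mac) != mac:      # another client still holds this IP
            findings.append(("ip-collision", ip, mac, ip_owner[ip]))
        if name_owner.get(name, mac) != mac:  # DNS proxy maps the name elsewhere
            findings.append(("dns-collision", name, mac, name_owner[name]))
        if lo <= ipaddress.ip_address(ip) <= hi:  # pool may hand this IP out
            findings.append(("static-in-pool", ip, mac, None))
        if seen_ip.setdefault(ip, mac) != mac:    # plan reuses one IP for two MACs
            findings.append(("duplicate-reservation", ip, mac, seen_ip[ip]))
    return findings

if __name__ == "__main__":
    for finding in audit(OLD_LEASES, PLANNED_STATIC, NEW_POOL):
        print(finding)
```

Old clients keep using their leases until they renew, so the check treats every old lease as live regardless of its expiry time.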

Static IPs have their own problems. Resorting to a static network means that you have to be a librarian and update that data on each machine, or you need to manage a DNS server, which exposes some network information. Propagating host files across systems is a challenge. And the uptime of the DNS server is another dependency, such that HA of the service provider is also a challenge.

Can you spell MTBF?

What knowledge is there in a hostname?

When hostnames are deployed with information like ‘db’, ‘web’, ‘company’… access to a hostname file gives an attacker a hint as to the attack vector. Adding a company or client name in the hostname also provides context for a social attack. So this suggests that DNS should be secure instead of plain.

VLAN?

Topic for another day.

As my new switch is about to arrive, I have to decide whether to go with Static or DHCP. Since it’s an existing system, I know my DHCP leases are going to tip over. And converting from DHCP to static will take a long time given the number of hosts… What is also apparent is that the router’s rules use IP addresses, which I generally implement as hybrid DHCP-static, but since my router upgrade is not upgradable I will need to manually cut, copy, paste the config. :(

Simply put there is no simple answer.