10.1 Best Practices

  • During the DHCP Server installation, ensure that the Use secure channel for configuration option is selected. This ensures that the authentication mechanism is secured.

  • You should not run the DHCP server as the root user. Instead, use the -user and -group command-line options.

  • To run the DHCP server in a more secure environment, use the -chroot command-line option.

  • To restrict access, use the AppArmor profile in /etc/apparmor.d/usr.sbin.dhcpd, which restricts access to directories depending on user permissions.

  • You should store user credentials like usernames and passwords in CASA instead of the /etc/dhcpd.conf file.

  • If you are setting up DHCP servers, you should include the authoritative statement at the top of the configuration file. This ensures that the DHCP server sends DHCPNAK messages to misconfigured clients.

  • Decide the lease time to be allocated based on your environment. Allocate a longer lease time for known clients and a shorter lease time for unknown clients.
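
The following audit script is an added example, not part of the original documentation or the product. It checks a dhcpd command line and a dhcpd.conf text against several of the practices above. The sample inputs are constructed, the `ldap-password` statement name is an assumption about how credentials appear in the file, and known and unknown clients are assumed to be separated with `deny unknown-clients` and `allow unknown-clients` pools.

```python
import re
import shlex

# Constructed sample inputs for illustration (not from a real server).
SAMPLE_CMDLINE = "/usr/sbin/dhcpd -cf /etc/dhcpd.conf -user dhcpd -group nogroup eth0"
SAMPLE_CONF = """
ldap-username "cn=admin,o=example";
ldap-password "constructed-secret";  # plaintext credential
subnet 10.0.0.0 netmask 255.255.255.0 {
  pool { deny unknown-clients;  range 10.0.0.10 10.0.0.99;   max-lease-time 3600; }
  pool { allow unknown-clients; range 10.0.0.100 10.0.0.199; max-lease-time 86400; }
}
"""

def audit_cmdline(cmdline):
    """Report missing privilege-drop and chroot options on the dhcpd command line."""
    args = shlex.split(cmdline)
    return [f"dhcpd started without {opt}"
            for opt in ("-user", "-group", "-chroot") if opt not in args]

def audit_conf(conf):
    """Check a dhcpd.conf text against the configuration-file practices above."""
    findings = []
    text = re.sub(r"#[^\n]*", "", conf)  # drop comments (assumes no '#' inside strings)
    # Global scope is approximated as everything before the first '{'.
    head = [" ".join(s.split()) for s in text.split("{", 1)[0].split(";")]
    if "authoritative" not in head:
        findings.append("no global 'authoritative;' before the first declaration")
    # ldap-password is an assumed statement name for credentials kept in the file.
    if re.search(r"(?m)^\s*ldap-password\s+\S", text):
        findings.append("plaintext ldap-password in configuration file")
    known, unknown = [], []
    for body in re.findall(r"\bpool\s*\{([^{}]*)\}", text):
        lease = re.search(r"\bmax-lease-time\s+(\d+)\s*;", body)
        if not lease:
            continue
        if re.search(r"\ballow\s+unknown-clients\s*;", body):
            unknown.append(int(lease.group(1)))
        elif re.search(r"\bdeny\s+unknown-clients\s*;", body):
            known.append(int(lease.group(1)))
    if known and unknown and max(unknown) >= min(known):
        findings.append("unknown-client pool lease is not shorter than known-client pool lease")
    return findings

if __name__ == "__main__":
    for finding in audit_cmdline(SAMPLE_CMDLINE) + audit_conf(SAMPLE_CONF):
        print("FINDING:", finding)
```
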