DHCP Best Practices Page 1 of 5

DHCP Best Practices


Updated: January 21, 2005

Best practices
• Use the 80/20 design rule for balancing scope distribution of addresses where multiple DHCP
servers are deployed to service the same scope.

Using more than one DHCP server on the same subnet provides increased fault tolerance for servicing
DHCP clients located on it. With two DHCP servers, if one server is unavailable, the other server can take
its place and continue to lease new addresses or renew existing clients.

A common practice when balancing a single network and scope range of addresses between two DHCP
servers is to have 80 percent of the addresses distributed by one DHCP server and the remaining 20
percent provided by a second. For more information and an example of this concept, see Configuring
scopes [http://technet2.microsoft.com/WindowsServer/en/library/b9b1845d-19f2-4f13-8a7b-95ca35b021981033.mspx].

• Use superscopes for multiple DHCP servers on each subnet in a LAN environment.

When started, each DHCP client broadcasts a DHCP discover message (DHCPDISCOVER) to its local
subnet to attempt to find a DHCP server. Because DHCP clients use broadcasts during their initial startup,
you cannot predict which server will respond to the DHCP discover request of a client if more than one
DHCP server is active on the same subnet.

For example, if two DHCP servers service the same subnet and its clients, clients can be leased at either
server. Actual leases distributed to clients can depend on which server responds first to any given client.
Later, the server first selected by the client to obtain its lease might be unavailable when the client
attempts to renew.

If renewal fails, the client then delays trying to renew its lease until it enters the rebinding state. In this
state, the client broadcasts to the subnet to locate a valid IP configuration and continue without
interruption on the network. At this point, a different DHCP server might respond to the client request. If
this occurs, the responding server might send a DHCP negative acknowledgement message (DHCPNAK) in
reply. This can occur even if the original server that first leased the client is available on the network.

To avoid these problems when using more than one DHCP server on the same subnet, use a new
superscope configured similarly at all servers. The superscope should include all valid scopes for the
subnet as member scopes. For configuring member scopes at each server, addresses must only be made
available at one of the DHCP servers used on the subnet. For all other servers in the subnet, use
exclusion ranges for the same scope ranges of addresses when configuring the corresponding scopes.

For more information, see Using superscopes [http://technet2.microsoft.com/WindowsServer/en/library/3967ddab-0b28-4959-8b4d-3052c178731b1033.mspx].
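
The 80/20 split and the matching exclusion ranges described in the two practices above can be planned and checked mechanically. The following Python sketch is an added example, not part of the original Microsoft page; the function names, the server names dhcp1 and dhcp2, and the 192.168.1.x scope are constructed for illustration.

```python
import ipaddress
from collections import Counter

def _n(addr):
    return int(ipaddress.IPv4Address(addr))

def _s(num):
    return str(ipaddress.IPv4Address(num))

def split_scope(first, last, primary_percent=80):
    """Exclusion range each of two servers needs so that every address in
    first..last is leasable from exactly one of them."""
    lo, hi = _n(first), _n(last)
    if hi <= lo:
        raise ValueError("scope needs at least two addresses")
    total = hi - lo + 1
    # Integer math; keep at least one address on each server.
    n_primary = min(max(total * primary_percent // 100, 1), total - 1)
    cut = lo + n_primary  # first address owned by the secondary server
    return {"primary_excludes": (_s(cut), _s(hi)),
            "secondary_excludes": (_s(lo), _s(cut - 1))}

def leasable(first, last, exclusions):
    """Addresses (as ints) a server can lease after its exclusions."""
    pool = set(range(_n(first), _n(last) + 1))
    for ex_first, ex_last in exclusions:
        pool -= set(range(_n(ex_first), _n(ex_last) + 1))
    return pool

def audit_servers(first, last, servers):
    """servers maps a server name to its list of exclusion ranges.
    Returns (overlap, unserved): addresses leasable from more than one
    server, and addresses leasable from none."""
    owners = Counter()
    for exclusions in servers.values():
        owners.update(leasable(first, last, exclusions))
    scope = range(_n(first), _n(last) + 1)
    overlap = [_s(a) for a in scope if owners[a] > 1]
    unserved = [_s(a) for a in scope if owners[a] == 0]
    return overlap, unserved

if __name__ == "__main__":
    # Constructed sample scope, not taken from the page.
    plan = split_scope("192.168.1.1", "192.168.1.254")
    print(plan)
    good = {"dhcp1": [plan["primary_excludes"]],
            "dhcp2": [plan["secondary_excludes"]]}
    print(audit_servers("192.168.1.1", "192.168.1.254", good))
```

Any address reported in the overlap list can be offered by both servers, which is the condition that leads to conflicting leases and DHCPNAKs; any address in the unserved list is excluded everywhere and is never leased.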


• Deactivate scopes only when removing a scope permanently from service.

Once you activate a scope, it should not be deactivated until you are ready to retire the scope and its
included range of addresses from use on your network.

Once a scope is deactivated, the DHCP server no longer accepts those scope addresses as valid
addresses. This is only useful when the intention is to permanently retire a scope from use. Otherwise,
deactivating a scope causes undesired DHCP negative acknowledgement messages (DHCPNAKs) to be
sent to clients.

If you only want to deactivate scope addresses temporarily, edit the exclusion ranges in the active
scope instead; this achieves the intended result without the undesired DHCPNAKs.

For more information, see Manage Scopes [http://technet2.microsoft.com/WindowsServer/en/library/7e62b350-f4ea-4509-9ffd-867e38269f581033.mspx].

• Use server-side conflict detection on DHCP servers only when it is needed.

Conflict detection can be used by either DHCP servers or clients to determine whether an IP address is
already in use on the network before leasing or using the address.

DHCP client computers running Windows 2000 or Windows XP that obtain an IP address use a gratuitous
ARP request to perform client-based conflict detection before completing configuration and use of a
server-offered IP address. If the DHCP client detects a conflict, it will send a DHCP decline message
(DHCPDECLINE) to the server.

If your network includes legacy DHCP clients (clients running a version of Windows earlier than
Windows 2000), you can use server-side conflict detection provided by the DHCP Server service under
specific circumstances. For example, this feature might be useful during failure recovery when scopes are
deleted and recreated. For more information, see DHCP
Troubleshooting [http://technet2.microsoft.com/WindowsServer/en/library/ddec7336-7567-4058-9c2c-fb461765893f1033.mspx].

By default, the DHCP service does not perform any conflict detection. To enable conflict detection,
increase the number of ping attempts that the DHCP service performs for each address before leasing
that address to a client. Note that for each additional conflict detection attempt that the DHCP service
performs, additional seconds are added to the time needed to negotiate leases for DHCP clients.

Typically, if DHCP server-side conflict detection is used, you should set the number of conflict detection
attempts made by the server to use one or two pings at most. This provides the intended benefits of this
feature without decreasing DHCP server performance.

For more information, see Enable address conflict detection [http://technet2.microsoft.com/WindowsServer/en/library/4950c160-33e0-4c7a-a0c8-ece07458699b1033.mspx].

• Reservations should be created on all DHCP servers that can potentially service the reserved
client.

You can use a client reservation to ensure that a DHCP client computer always receives the same IP
address lease at startup. If you have more than one DHCP server reachable by a reserved client, add the
reservation at each of your other DHCP servers.

This allows the other DHCP servers to honor the client IP address reservation made for the reserved
client. Although the client reservation is only acted upon by the DHCP server where the reserved address
is part of the available address pool, you can create the same reservation on other DHCP servers that
exclude this address.

For more information, see Add a client reservation [http://technet2.microsoft.com/WindowsServer/en/library/78171281-13f4-4446-8ee2-431cb79ae6df1033.mspx].


• For server performance, note that DHCP is disk-intensive and purchase hardware with optimal
disk performance characteristics.

DHCP causes frequent and intensive activity on server hard disks. To provide the best performance,
consider RAID solutions that improve disk access time when purchasing hardware for your server
computer.

When evaluating performance of your DHCP servers, you should evaluate DHCP as part of making a full
performance evaluation of the entire server. By monitoring system hardware performance in the most
demanding areas of utilization (CPU, memory, disk input/output), you obtain the best assessment of
when a DHCP server is overloaded or in need of an upgrade.

Note that the DHCP service includes several System Monitor counters that can be used to monitor service.
For more information, see Monitoring DHCP server
performance [http://technet2.microsoft.com/WindowsServer/en/library/36d7abb5-094a-4727-94df-8778f1fa068f1033.mspx].

• Keep audit logging enabled for use in troubleshooting.

By default, the DHCP service enables audit logging of service-related events. Audit logging provides a
long-term service monitoring tool that makes limited and safe use of server disk resources. For more
information, see Audit logging [http://technet2.microsoft.com/WindowsServer/en/library/753fcae1-8b02-48de-b2af-f431277cf72a1033.mspx].

For more information on interpreting server audit log files, see Analyzing server log
files [http://technet2.microsoft.com/WindowsServer/en/library/2a535b4d-1771-485b-8bfa-459d35d563fb1033.mspx].

• Reduce lease times for DHCP clients that use Routing and Remote Access service for remote
access.

If Routing and Remote Access service is used on your network to support dial-up clients, you can adjust
the lease time on scopes that service these clients to less than the default of eight days. One
recommended way to support remote access clients in your scopes is to add and configure the built-in
Microsoft vendor class provided for the purpose of client identification.

• Increase the duration of scope leases for large, stable, fixed networks if available address
space is plentiful.

For small networks (for example, one physical LAN not using routers), the default lease duration of eight
days is a typical period. For larger routed networks, consider increasing the length of scope leases to a
longer period of time, such as 16-24 days. This can reduce DHCP-related network broadcast traffic,
particularly if client computers generally remain in fixed locations and scope addresses are plentiful (at
least 20 percent or more of the addresses are still available).

• Integrate DHCP with other services, such as WINS and DNS.

WINS and DNS can both be used for registering dynamic name-to-address mappings on your network. To
provide name resolution services, you must plan for interoperability of DHCP with these services. Most
network administrators implementing DHCP also plan a strategy for implementing DNS and WINS servers.


• For routed networks, either use relay agents or set appropriate timers to prevent undesired
forwarding and relay of BOOTP and DHCP message traffic.

If you have multiple physical networks connected through routers, and you do not have a DHCP server on
each network segment, the routers must be capable of relaying BOOTP and DHCP traffic. If you do not
have such routers, you can set up the DHCP Relay Agent component on at least one server running
Windows Server 2003 in each routed subnet. The relay agent relays DHCP and BOOTP message traffic
between the DHCP-enabled clients on a local physical network and a remote DHCP server located on
another physical network.

When using relay agents, be sure to set the initial time delay in seconds that relay agents wait before
relaying messages on to remote servers. For more information on DHCP relay agents, see DHCP/BOOTP
Relay Agents [http://technet2.microsoft.com/WindowsServer/en/library/22d1f48c-4c68-4c9a-a6f8-16a9ac3e0ce91033.mspx].

• Use the appropriate number of DHCP servers for the number of DHCP-enabled clients on your
network.

In a small LAN (for example, one physical subnet not using routers), a single DHCP server can serve all
DHCP-enabled clients. For routed networks, the number of servers needed increases, depending on
several factors, including the number of DHCP-enabled clients, the transmission speed between network
segments, the speed of network links, whether DHCP service is used throughout your enterprise network
or only on selected physical networks, and the IP address class of the network. For more information on
determining how many DHCP servers to set up, see Planning DHCP
networks [http://technet2.microsoft.com/WindowsServer/en/library/3040afd1-e82b-4ded-8fcd-aa8fe021fcc11033.mspx].

• For DNS dynamic updates performed by the DHCP service, use the default client preference
settings.

The Windows Server 2003 DHCP service can be configured to perform DNS dynamic updates for DHCP
clients based on how clients request these updates to be done. This setting provides the best use of the
DHCP service to perform dynamic updates on behalf of its clients as follows:

• DHCP client computers running Windows 2000, Windows XP, or a Windows Server 2003 operating
system explicitly request that the DHCP server only update pointer (PTR) resource records used in
DNS for the reverse lookup and resolution of the client's IP address to its name. These clients
update their address (A) resource records for themselves.

• Clients running earlier versions of Windows cannot make an explicit request for DNS dynamic
update protocol preference. For these clients, the DHCP service updates both the PTR and the A
resource records when the service is configured to do so.

For more information, see Using DNS servers with DHCP [http://technet2.microsoft.com/WindowsServer/en/library/d0e19b57-c368-46c2-b017-caf25ae150ec1033.mspx], Enable DNS dynamic updates for clients [http://technet2.microsoft.com/WindowsServer/en/library/381264ed-e190-4b0b-8947-a222bee677d91033.mspx], and Configure DNS dynamic update credentials [http://technet2.microsoft.com/WindowsServer/en/library/179d4f6c-9482-4dac-8f03-74bd78b7d2631033.mspx].


• Use the manual backup and restore methods in the DHCP server console.

Use the Backup command on the Action menu of the DHCP console to perform a full backup of the DHCP
service at an interval that protects you from significant data loss. When you use the manual backup
method, all DHCP server data is included in the backup, including all scope information, log files, registry
keys, and DHCP server configuration information (except DNS dynamic update credentials). Do not store
these backups on the same hard drive upon which the DHCP service is installed, and make sure that the
access control list (ACL) for the backup folder contains only the Administrators and DHCP
Administrators groups as members. In addition to performing manual backups, back up to other locations,
such as a tape drive, and make sure unauthorized persons do not have access to your backup copies. You
can use Windows Backup for this purpose. For more information, see Best practices for
Backup [http://technet2.microsoft.com/WindowsServer/en/library/9f772381-c627-4c82-bf34-b4e4e05dbe0d1033.mspx].

When restoring the DHCP service, use a backup created with the manual Backup command or a copy of
the database created with synchronous backup by the DHCP service. In addition, use the Restore
command on the Action menu in the DHCP console to restore a DHCP server.

For more information, see Backing up the DHCP database [http://technet2.microsoft.com/WindowsServer/en/library/b681244f-9e06-48f6-ab67-050ff95307101033.mspx] and Restoring server data [http://technet2.microsoft.com/WindowsServer/en/library/4192333e-b961-4ada-b69e-f1f3070c47821033.mspx].

• Follow the recommended process for moving a DHCP server database from old server
computer hardware to new hardware.

Moving a DHCP server database can be problematic. To manage moving the server database more easily,
choose and follow a process tried and used by Microsoft Product Support Services such as the following:

• For restoring server data at the same server computer, see Restoring server
data [http://technet2.microsoft.com/WindowsServer/en/library/4192333e-b961-4ada-b69e-f1f3070c47821033.mspx].

• For moving DHCP server data to another server computer, such as in the case of hardware failure
or data recovery, see Move a DHCP database to another
server [http://technet2.microsoft.com/WindowsServer/en/library/4207a8c1-2788-4be8-b9f8-ce28501a24571033.mspx].

• Before you install a DHCP server, identify the following:

• The hardware and storage requirements for the DHCP server.

For more information, see Planning DHCP networks [http://technet2.microsoft.com/WindowsServer/en/library/3040afd1-e82b-4ded-8fcd-aa8fe021fcc11033.mspx].

• Which computers you can immediately configure as DHCP clients for dynamic TCP/IP configuration
and which computers you should manually configure with static TCP/IP configuration parameters,
including static IP addresses.

For more information, see Checklist: Configuring TCP/IP [http://technet2.microsoft.com/WindowsServer/en/library/99f79ed8-df1e-49a6-a4f4-eb13623663011033.mspx].

• The DHCP option types and their values to be predefined for DHCP clients.

For more information, see Assigning options [http://technet2.microsoft.com/WindowsServer/en/library/7f9261b1-92ef-40aa-a3b6-1dd9ab97c46e1033.mspx].

© 2008 Microsoft Corporation. All rights reserved. Terms of Use | Trademarks | Privacy Statement

http://technet2.microsoft.com/windowsserver/en/library/75cd0e1f-f464-40ea-ac88-2060e6... 5/19/2008