Conflict detection attempts Windows DHCP Server

[+John Teacake MVC]

I am confused about the "Conflict detection attempts" feature in a Windows DHCP Server. I wanted to set this to a higher value than 1, Say for example 4 or 5. This would wait 5 pings before assigning a client device a spare IP. This should stop all 99.99% of IP Conflicts appearing on Windows Client Devices. Is this right? As its pretty certain after 5 pings that address is free.

However I was told that this number is the number of Rouge DHCP Servers that are allowed on the network so it has to be set at 1 and that if it detected 1 (or more) DHCP servers on the network it shuts itself down.

Which is correct?

[sinetheo]

1st off is the DHCP server on a static IP? 

[+John Teacake MVC]

  On 20/11/2015 at 15:01, sinetheo said:

1st off is the DHCP server on a static IP? 

Yeah of course.

[+BudMan MVC]

Well for starters something not answering ping does not mean its not there on that IP, its firewall might just prevent answering ping.

What windows dhcp server are you using 2k8r2, 2012, 2016?

https://technet.microsoft.com/en-us/library/dd183587(v=ws.10).aspx

I have never seen any sort of setting that detection of another dhcp server it would shut it self down, this seems like a self defeating sort of feature - if detect rouge dhcp server, shut yourself down and allow just the rouge?  That doesn't seem like a good idea.

[+John Teacake MVC]

  On 20/11/2015 at 15:02, BudMan said:

Well for starters something not answering ping does not mean its not there on that IP, its firewall might just prevent answering ping.

What windows dhcp server are you using 2k8r2, 2012, 2016?

https://technet.microsoft.com/en-us/library/dd183587(v=ws.10).aspx

I have never seen any sort of setting that detection of another dhcp server it would shut it self down, this seems like a self defeating sort of feature - if detect rouge dhcp server, shut yourself down and allow just the rouge?  That doesn't seem like a good idea.

Yeah sorry, I meant normal LAN stuff that does allow DHCP. Firewall isnt the issue is, More ping latency. So hence I set I would have set it to 4 or 5 rather than one. 2012 server.

[+BudMan MVC]

setting it higher than 3 could cause for lots of issues in delays in getting a lease.  Many hosts that do dhcp have firewalls and do not answer ping..  Windows built in firewall blocks pings for example out of the gate, it might allow from same segment..  But many dhcp servers are not directly on the same segment, you use a relay/helper say on the switch to forward the dhcp request to the dhcp server.

Many clients and servers also check that nothing answers an arp for that IP, if they show that IP in use they would send back a decline for that lease to the dhcp server.  This was back in the NT4 days, like sp 2 or something when they added that dhcpdecline feature from the rfc 1541 I do believe.

To be honest duplicate IPs handed out by dhcp server is very rare these days, normally its statics where this happens because of lack of good IP management.  Or misconfiguration of dhcp servers where you have more than 1 using, etc..  Most clients wont even accept a lease for a IP they find as duplicate.  I can not recall the last time I have seen a dupe IP issue with dhcp servers.

So for example here is a sniff of dhcp transaction.  Notice right after the discover that arps are sent, server asking hey anyone have this IP 192.168.3.101...  If nothing back it sends the offer, then the request and then you see the ack, you also see right after the ack the client sends out a ARP saying hey anyone got this 192.168.3.101 address.  If the client got something back, it should then send a decline to the dhcp server and then ask for another IP.  The decline would say hey, I don't like that address since something else seems to have it.  And then do another discover process after the dhcp server should of marked that IP as bad.

To be honest you shouldn't even have to send out pings, like I mentioned many devices might not even answer that - but have never seen anything not answer ARP..  Even with a firewall.

If you may have guessed dhcp is one of my fun protocols   Just like dns...  If your having problems with dupes -- be more than happy to track down the reason with you.

 

Edited November 20, 2015 by BudMan

[sinetheo]

Are your different DHCP servers have different scopes?

Besides a router issue I can  see both servers trying to give an IP address that is the same. One handshakes and gives it an IP address while the other DHCP server thinks it's free and reports a conflict as it is already assigned.

In addition I believe you can set your servers to use DHCP assigned to a SID during it's lease too which could stop conflicts as one hand (DHCP server) doesn't know what the other is doing. Set different scope ranges for each box and try to assign to MAC or SID during a lease. So let's say someone shut's down his or her pc before the lease is up? The system comes back and does another DHCP broadcast when the LAN is initialized. The SID is recognized and the previous IP address is assigned. That would cut this down.

[sc302 Veteran]

  On 20/11/2015 at 15:02, BudMan said:

Well for starters something not answering ping does not mean its not there on that IP, its firewall might just prevent answering ping.

What windows dhcp server are you using 2k8r2, 2012, 2016?

https://technet.microsoft.com/en-us/library/dd183587(v=ws.10).aspx

I have never seen any sort of setting that detection of another dhcp server it would shut it self down, this seems like a self defeating sort of feature - if detect rouge dhcp server, shut yourself down and allow just the rouge?  That doesn't seem like a good idea.

2000 and 2003 did from what I remember, vaguely remember them shutting down when dhcp was handed out by gateway. I haven't really played with multiple dhcp severs on 2008, but 2012 does have a load balancing feature. 

[+BudMan MVC]

I don't recall that, but sure its  possible - not like MS doesn't do some really stupid ###### all the time..  Now I could see if dhcp server was set to non authoritative and it saw an authoritative dhcp server, maybe.. But you would normally always have your dhcp set for authoritative..  Otherwise you can have issues with devices that come from other networks and have other leases switching to your network.

Not exactly sure what John T is after here, to be honest I would just leave it at 0, it should arp and the client should arp as well looking for devices that already have that IP..  Having it "ping' is just going to slow down the handing out of leases.  Ping would be useful if the dhcp server is not on the same layer 2 as the clients, ie you relay/helper to get to your dhcp server.  Since his arp is not going to get an answer if he is on a different l2 segment.  You should be ok since the client should detect and send back decline..  But if you have lots of different devices/os'es on our network - its possible some dhcp clients don't do proper checking or use of decline, etc.

Without a better understanding of the specific network, how dhcp is deployed in the network - the issue being seen..  To just answer the generic question, if you want to use that feature and have your dhcp server ping - 1 should be enough..  I sure and the hell would not go above say 3 or your going to have issues I would think with waiting for that to come back before the offer is sent.

[binaryzero]

LOL! DHCP servers don't shut down, they just don't hand out the IP address because another DHCP server has answered the broadcast. 

If you have multiple DHCP servers on your network, you can do a 70\30 or 80\20 scope split, which then you'd use the delay option on one of the servers.

[sc302 Veteran]

I remember the down arrow on the 03 server when a linksys was handing out addresses.  Or maybe it was 00.  I don't remember the details, I remember the troubleshooting. 

Edited November 22, 2015 by sc302

[binaryzero]

^^ I'm like that sometimes too, can't never remember where something is, but know I've seen it before when trouble shooting. 

Dang memory ain't what she used to be...