Explain the role of DHCP and DNS within the network

In this blog post, we will cover the role of two important network services, DHCP and DNS. The CCNA exam includes the following topics, which we will explore in detail:

4.3 Explain the role of DHCP and DNS within the network

4.6 Configure and verify DHCP client and relay

Domain Name System

Domain Name System (DNS) is a naming protocol for hosts and services on the Internet. It is also a client-server application that maintains and provides access to DNS records. Many Internet services, such as web browsing and email delivery, rely on DNS.

In addition to its role of naming hosts on the Internet, DNS is often used by organizations to support their internal applications. For example, Microsoft Active Directory relies on DNS to publish the records (including SRV records) that clients use to locate domain controllers and services. In such scenarios, the internal records are not exposed to the Internet.

Domains and FQDNs

Hosts are uniquely identified by their Fully Qualified Domain Name (FQDN). For example, server1.sales.fastreroute.com is the fully qualified domain name of a server. Splitting the name at the first dot gives two parts:

  • Hostname portion, or server1
  • Domain portion, or sales.fastreroute.com

The domain component is hierarchical, with the parent domains specified on the right side. In the example above, domain .com is a parent domain of fastreroute.com, which in turn is a parent domain of sales.fastreroute.com.

To understand domain hierarchy, a file system can be used as an analogy, in which folders are replaced with domains and files with hosts. Domains can contain sub-domains or hostnames, in the same way as a file-system folder can contain subfolders or files.

Name Servers

Name server functionality can be implemented as an operating system component, an application, or Software as a Service (SaaS). For example, BIND is one of the most popular DNS servers on the Internet and is available on Unix-like operating systems. Windows Server has a DNS server built into the operating system.

Public cloud providers offer managed DNS services; for example, AWS offers Route 53, which provides advanced features beyond a traditional DNS server. Cisco routers can be configured to act as a DNS server too, and we show how to set it up later in this post.

A name server can act as an authoritative server or name resolver, or both at the same time. The authoritative server role focuses on storing naming information in DNS zones. The resolver role is about providing requested information after receiving a query from a client. We will discuss these roles in detail in the next two sections.

Authoritative Name Servers and Zones

An authoritative name server stores a DNS zone for a specific domain subtree and doesn’t rely on querying other name servers for entries in this zone. A domain hierarchy defines a logical structure of a namespace, while zones are actual files or databases storing the DNS data.

The very top zone in the hierarchy of public DNS is called the root zone. It contains pointers on how to find information about domains such as .com, .net, and different country codes. These domains are called Top-Level Domains (TLDs).

The root zone is served by 13 root server clusters, named a.root-servers.net through m.root-servers.net. The list of their addresses that a resolver starts from is called the root hints. Each cluster consists of geographically distributed servers that share the same anycast IP address. The location of these servers on the world map can be checked here; scroll down to see the members within each cluster and their location.

When an organization registers a domain name, for example, fastreroute.com, the parent domain (.com) delegates administrative control over fastreroute.com and all domains under it to the organization. If no further delegation is done, then the zone fastreroute.com will store all entries in the domain and all subdomains under it.

Administrators of fastreroute.com can delegate control of a subdomain sales.fastreroute.com to the sales department. A different set of DNS servers can host the zone for sales.fastreroute.com and all subdomains under it, such as us.sales.fastreroute.com.

If we continue the analogy with the file system, delegation is similar to creating a link or shortcut that will redirect users to another file server. This server, in turn, can create shortcuts to other file servers and so on.

Name Resolvers and Query Types

Name resolution is the process of a DNS client sending a query and a DNS server replying to it. The most common type of query resolves a hostname to an IP address. Some name servers perform only the resolution function and host no zones, i.e. they are not authoritative for any part of the namespace.

Name resolvers can operate in two modes, recursive and iterative. A recursive resolver performs additional queries to other servers on the client's behalf when it does not have the requested information locally, and returns the final answer. Recursive resolvers also cache answers, so subsequent queries for the same name are served from the local cache. An iterative resolver, instead of performing all the queries for the client, returns a referral, the address of another name server that the client should query directly.

Record types

DNS stores information in domain zones using several types of records. The SOA record contains authoritative information about the zone, the administrative contact, and the timers that control zone transfers and negative caching. NS records point to the authoritative DNS servers for a zone or a delegated subdomain.

An A record maps a hostname to an IPv4 address; the AAAA record is its IPv6 equivalent. A PTR record stores the reverse mapping, from an IP address (written under the in-addr.arpa or ip6.arpa domain) back to a hostname.

A CNAME record maps one hostname to another and is often called an alias record. An MX record specifies the SMTP mail servers for a domain. A TXT record stores free-form text; SPF, DKIM and DMARC policies for email authentication are published this way.

Check this article on Wikipedia with the full list of DNS record types.
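The delegation chain, the difference between iterative and recursive resolution, and the record types described above can be seen working together in the following Python model. It is an added example for this post, not code from the post or from any DNS implementation: the zones, server addresses (RFC 5737 documentation ranges) and names are constructed for illustration, and the authoritative servers are plain dictionaries queried in memory instead of over the network.

```python
from dataclasses import dataclass

@dataclass
class Zone:
    apex: str       # name the server is authoritative for, e.g. "fastreroute.com."
    records: dict   # owner name -> list of (rrtype, rdata)

def labels_up(name):
    """Yield a name and then each parent up to the root: the hierarchy read
    right to left, as in server1.sales.fastreroute.com -> sales... -> com -> ."""
    parts = [p for p in name.rstrip(".").split(".") if p]
    for i in range(len(parts)):
        yield ".".join(parts[i:]) + "."
    yield "."

def authoritative_lookup(zone, qname, qtype):
    """One query against one authoritative server. Returns ('ANSWER', rdatas),
    ('CNAME', target), ('REFERRAL', (ns_name, ns_ip)) or ('NXDOMAIN', None);
    NODATA (name exists, type does not) is folded into NXDOMAIN for brevity."""
    rrs = zone.records.get(qname, [])
    answer = [rdata for rrtype, rdata in rrs if rrtype == qtype]
    if answer:
        return "ANSWER", answer
    cname = [rdata for rrtype, rdata in rrs if rrtype == "CNAME"]
    if cname:
        return "CNAME", cname[0]
    # Not in this zone's data: is the name below a delegation (NS cut)?
    for name in labels_up(qname):
        if name == zone.apex:
            break                       # reached our own apex: no such name
        ns = [rdata for rrtype, rdata in zone.records.get(name, []) if rrtype == "NS"]
        if ns:
            glue = [rdata for rrtype, rdata in zone.records.get(ns[0], []) if rrtype == "A"]
            return "REFERRAL", (ns[0], glue[0])
    return "NXDOMAIN", None

ROOT_HINT = "192.0.2.1"   # constructed: what a resolver's root hints file would list
SERVERS = {               # constructed: server IP -> the one zone it serves
    "192.0.2.1": Zone(".", {
        "com.": [("NS", "a.gtld-servers.net.")],
        "a.gtld-servers.net.": [("A", "192.0.2.2")],                 # glue
    }),
    "192.0.2.2": Zone("com.", {
        "fastreroute.com.": [("NS", "ns1.fastreroute.com.")],        # delegation
        "ns1.fastreroute.com.": [("A", "192.0.2.10")],               # glue
    }),
    "192.0.2.10": Zone("fastreroute.com.", {
        "fastreroute.com.": [("SOA", "ns1.fastreroute.com. hostmaster.fastreroute.com."),
                             ("NS", "ns1.fastreroute.com."), ("MX", "10 mail.fastreroute.com.")],
        "ns1.fastreroute.com.": [("A", "192.0.2.10")],
        "mail.fastreroute.com.": [("A", "192.0.2.25")],
        "www.fastreroute.com.": [("CNAME", "web.fastreroute.com.")],       # alias
        "web.fastreroute.com.": [("A", "192.0.2.80")],
        "sales.fastreroute.com.": [("NS", "ns1.sales.fastreroute.com.")],  # delegation
        "ns1.sales.fastreroute.com.": [("A", "192.0.2.50")],             # glue
    }),
    "192.0.2.50": Zone("sales.fastreroute.com.", {
        "sales.fastreroute.com.": [("NS", "ns1.sales.fastreroute.com.")],
        "ns1.sales.fastreroute.com.": [("A", "192.0.2.50")],
        "server1.sales.fastreroute.com.": [("A", "192.0.2.51")],
    }),
}

def iterative_resolve(qname, qtype="A", trace=None):
    """Iterative mode: start at a root hint and follow each referral toward
    the authoritative server, restarting for a CNAME target. `trace`
    collects the servers queried so the caller can see the walk."""
    trace = [] if trace is None else trace
    server = ROOT_HINT
    for _ in range(16):                   # guard against delegation loops
        trace.append(server)
        kind, payload = authoritative_lookup(SERVERS[server], qname, qtype)
        if kind == "ANSWER":
            return payload
        if kind == "CNAME":
            return iterative_resolve(payload, qtype, trace)
        if kind == "REFERRAL":
            _ns_name, server = payload    # the referral tells us whom to ask next
            continue
        return []                         # NXDOMAIN
    raise RuntimeError("delegation loop while resolving " + qname)

class RecursiveResolver:
    """Recursive mode as seen by a client: the resolver does the whole
    iterative walk on the client's behalf and caches the result, so a repeat
    query costs no upstream traffic. (Real caches also honour record TTLs.)"""
    def __init__(self):
        self.cache = {}
        self.upstream_queries = 0         # authoritative servers asked so far

    def resolve(self, qname, qtype="A"):
        key = (qname, qtype)
        if key not in self.cache:
            trace = []
            self.cache[key] = iterative_resolve(qname, qtype, trace)
            self.upstream_queries += len(trace)
        return self.cache[key]
```

Resolving server1.sales.fastreroute.com iteratively visits four servers in turn (root, .com, fastreroute.com, sales.fastreroute.com), each of the first three answering only with a referral; www.fastreroute.com needs a second walk because the authoritative server returns a CNAME. The RecursiveResolver performs that walk once and serves the next identical query from its cache. That cache is also what cache poisoning targets: a forged answer that gets accepted is served to every client of the resolver until it expires, which is the problem that source-port randomisation and DNSSEC validation address.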

Cisco Routers and Switches as a DNS Client

Cisco devices can be configured as a DNS client. Several system services, such as Smart Licensing and NTP, are configured with hostnames and need to resolve them to IP addresses. The hostname and domain name are also used to label the RSA key pair generated for services such as the SSH server.

The following configuration commands configure DNS client functionality:

hostname edgerouter1
ip name-server 8.8.8.8 8.8.4.4
ip domain name fastreroute.com

In this example, the router will have the FQDN edgerouter1.fastreroute.com. It will query Google's two public name servers in the specified order, and it will append the suffix fastreroute.com when only a hostname is given in various commands. Note that DNS lookup is enabled by default (ip domain lookup), so a mistyped command at the exec prompt is treated as a hostname and triggers a lookup; on devices that do not need name resolution, administrators commonly disable it with no ip domain lookup.

To display the configured name servers, inspect the cached name-to-address entries, and enable DNS debugging, use the following three commands:

show ip dns servers
show hosts
debug ip domain

Cisco Routers and Switches as DNS Server

It is possible to configure Cisco routers to provide DNS server functionality. To enable it use the following command:

ip dns server

By default, the server forwards queries it cannot answer locally to the name servers configured on the router, as shown in the earlier example. It is also possible to create conditional forwarding rules, which are useful when internal DNS servers should handle some queries and the ISP's DNS servers should handle Internet names at a remote branch. The configuration guide on the Cisco website provides more information on such a configuration. Because the router will answer any client that can reach it, limit the service to internal interfaces with an interface or control-plane access list that drops port 53 traffic from untrusted sources: a forwarder reachable from the Internet is an open resolver and can be abused for DNS amplification attacks.

It is also possible to create static entries that can be useful for different testing scenarios:

ip host test.local.lab 1.2.3.4

In this example, the router will reply with the IP address of 1.2.3.4 to clients that are trying to resolve “test.local.lab” via the Cisco router.

Dynamic Host Configuration Protocol (DHCP)

A host needs an IP address to communicate on the network. An address can be assigned to a device via manual configuration or dynamic assignment. Administrators manually configure IP addresses on servers and network devices that are expected to keep a fixed address. A DHCP server dynamically assigns IP addresses to workstations and client devices: they do not expect inbound connections, and configuring them manually would be time-consuming and impractical.

DHCP Client-Server Communication

When a DHCP client starts up, it broadcasts a discover message looking for a DHCP server. Because the client has no IP address during bootstrap, the exchange described below relies on broadcasts and therefore works only within a single broadcast domain (VLAN) unless a relay is used.

Every DHCP server that receives the discover message replies with an offer of an IP address for the client to use. If the client receives several offers, it usually takes the first one and broadcasts a request that names the chosen server and the offered address; the other servers see the request and withdraw their offers. Finally, the chosen server sends an acknowledgment to the client, completing the address negotiation. Because the client trusts whichever offer arrives first, any device on the VLAN that answers discovers, whether a misconfigured home router or a deliberately rogue server, can hand clients a default gateway and DNS server of its choosing; switches counter this with DHCP snooping, which only accepts server messages on trusted ports.

This handshake uses 4 messages: DHCP Discover, DHCP Offer, DHCP Request, DHCP Ack. It can be memorized by using acronym DORA (Discover, Offer, Request, Acknowledgment).

DHCP Pools and Leases

An administrator creates a pool of IP addresses from which the DHCP server allocates individual addresses. Each address is handed out for a limited time; the client must renew it before it expires, otherwise the address returns to the pool.

Multiple settings, such as subnet mask, default gateway, DNS server and domain, and lease duration can be managed on a pool level. Cisco devices acting as DHCP servers use the pool configuration mode for subnets and individual IP address reservations.

A DHCP lease, or binding, is created when a client has been allocated an IP address from a pool. The lease is granted for a specific time. The client attempts to renew it at predetermined points before expiry: by default when half of the lease time has passed (T1), by unicast to the server that granted it, and again at 87.5% of the lease time (T2), by broadcast to any server, if the first attempt got no answer.

Printers often need to keep the same IP address. Instead of configuring printers manually, an administrator can configure the DHCP server to reserve an IP address for a specific MAC address. Such a lease is called a DHCP reservation.

DHCP Client Configuration on Cisco Devices

DHCP client configuration is usually done on Internet-facing interfaces.

interface GigabitEthernet0
 ip address dhcp

ip route 0.0.0.0 0.0.0.0 dhcp

The example above configures the GigabitEthernet0 interface to acquire its IP address dynamically via DHCP. The optional “ip route” command enables the use of the default gateway sent by the DHCP server.

DHCP Relay Configuration on Cisco Devices

As we discovered earlier, DHCP is based on broadcast communication. Because broadcasts stay within a subnet, either the clients must sit in the same subnet as the DHCP server or the server must have an interface in every subnet. Neither scenario is optimal, and neither scales well.

To address this, DHCP relay is configured on the router or Layer 3 switch that has an interface in the client subnet, typically the default gateway. The relay listens for DHCP messages on the interfaces where it is enabled. When it sees a client broadcast, it writes the IP address of the receiving interface into the gateway address field (giaddr) of the message, increments the hop count, and forwards the message as a unicast directly to the DHCP server. The server uses giaddr to select the pool for the client's subnet and sends its replies back to the relay, which delivers them to the client.

DHCP relay, often called "ip helper" after the command that enables it, is configured using the following commands:

interface Vlan100
 ip helper-address 192.168.1.10

In this example, the DHCP broadcasts received from clients in VLAN 100 will be forwarded to the DHCP server with the IP address 192.168.1.10. Note that ip helper-address forwards several other UDP broadcast types by default as well (for example TFTP, DNS, NetBIOS name service and TACACS), not only DHCP; if only DHCP is needed, disable the others with no ip forward-protocol udp followed by the port number.

DHCP Server Configuration on Cisco Devices

In SOHO networks, no traditional servers may be available to perform the DHCP server role. In these scenarios, a router can be configured as a DHCP server. The configuration consists of defining a DHCP pool with its settings and excluding certain IP addresses from allocation.

The configuration commands to create a network pool:

ip dhcp excluded-address 192.168.10.1 192.168.10.10

ip dhcp pool VLAN-10
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1
 dns-server 192.168.10.1

To create a reservation for a device, the pool holds a single host address and the client's identifier. For Ethernet clients the DHCP client identifier is the hardware type byte 01 followed by the MAC address, so the MAC abcd.efab.cdef is written as 01ab.cdef.abcd.ef; alternatively, hardware-address abcd.efab.cdef accepts the bare MAC:

ip dhcp pool PRINTER-01
 host 192.168.10.9 255.255.255.0
 client-identifier 01ab.cdef.abcd.ef
 default-router 192.168.10.1
 dns-server 192.168.10.1

To validate assigned IP addresses and see debug messages:

show ip dhcp binding
debug ip dhcp server packets
debug ip dhcp server events
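The DORA exchange, the relay's use of giaddr to pick the right pool, exclusions, reservations and the server's handling of a request that names a different server can all be exercised in the following Python model. It is an added example for this post, not code from the post or from Cisco: the pools mirror the IOS configuration above (a second pool for 192.168.20.0/24 is added to show relay-based pool selection), and the server address, client MACs and transaction IDs are constructed. Messages use the real RFC 2131 layout (236-byte header, magic cookie, type-length-value options), but nothing here opens a socket, so it runs offline.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"                # cookie that starts the options field
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6   # option 53 message types
HDR = "!BBBBIHH4s4s4s4s16s64s128s"         # op htype hlen hops xid secs flags ciaddr yiaddr siaddr giaddr chaddr sname file

def ip2b(a): return bytes(int(x) for x in a.split("."))
def b2ip(b): return ".".join(str(x) for x in b)

def build(op, xid, mac, options, yiaddr="0.0.0.0", giaddr="0.0.0.0"):
    """Serialize one message: fixed header, magic cookie, TLV options, end marker."""
    head = struct.pack(HDR, op, 1, 6, 0, xid, 0, 0x8000, ip2b("0.0.0.0"),
                       ip2b(yiaddr), ip2b("0.0.0.0"), ip2b(giaddr),
                       mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    return head + MAGIC + b"".join(bytes([t, len(v)]) + v for t, v in options) + b"\xff"

def parse(pkt):
    f = struct.unpack(HDR, pkt[:236])
    assert pkt[236:240] == MAGIC, "not a DHCP message"
    opts, i = {}, 240
    while pkt[i] != 0xFF:                  # type, length, value ... until END
        t, n = pkt[i], pkt[i + 1]
        opts[t] = pkt[i + 2:i + 2 + n]
        i += 2 + n
    return {"hops": f[3], "xid": f[4], "yiaddr": b2ip(f[8]),
            "giaddr": b2ip(f[10]), "chaddr": f[11][:6], "options": opts}

def relay(pkt, ingress_ip):
    """What ip helper-address does: stamp giaddr with the address of the
    interface the broadcast arrived on (unless an earlier relay already did),
    increment hops, and hand the packet back to be unicast to the server."""
    if pkt[24:28] == b"\0\0\0\0":
        pkt = pkt[:24] + ip2b(ingress_ip) + pkt[28:]
    return pkt[:3] + bytes([pkt[3] + 1]) + pkt[4:]

POOLS = [  # constructed; same subnet, exclusions and options as the IOS pool above, plus VLAN 20
    {"network": "192.168.10.0/24", "mask": "255.255.255.0", "router": "192.168.10.1",
     "dns": "192.168.10.1", "exclude": ("192.168.10.1", "192.168.10.10")},
    {"network": "192.168.20.0/24", "mask": "255.255.255.0", "router": "192.168.20.1",
     "dns": "192.168.10.1", "exclude": ("192.168.20.1", "192.168.20.10")},
]

class DhcpServer:
    def __init__(self, ip, pools, reservations, lease=86400):
        self.ip, self.lease = ip, lease
        self.pools = {ipaddress.ip_network(p["network"]): p for p in pools}
        self.reservations = reservations       # MAC bytes -> fixed address
        self.bindings, self.offers = {}, {}    # MAC -> leased IP, xid -> offered IP

    def pool_for(self, selector):
        """Pick the pool whose subnet contains giaddr (relayed client) or the
        ingress interface address (client on a directly attached subnet)."""
        addr = ipaddress.ip_address(selector)
        return next((p for net, p in self.pools.items() if addr in net), None)

    def pick(self, pool, mac):
        if mac in self.reservations:           # reservation wins, even inside the excluded range
            return self.reservations[mac]
        if mac in self.bindings:               # a renewing client keeps its address
            return self.bindings[mac]
        taken = set(self.bindings.values()) | set(self.offers.values()) | set(self.reservations.values())
        lo, hi = map(ipaddress.ip_address, pool["exclude"])
        for host in ipaddress.ip_network(pool["network"]).hosts():
            if str(host) not in taken and not lo <= host <= hi:
                return str(host)
        return None                            # pool exhausted

    def handle(self, pkt, ingress_ip):
        m = parse(pkt)
        kind = m["options"][53][0]
        selector = m["giaddr"] if m["giaddr"] != "0.0.0.0" else ingress_ip
        pool = self.pool_for(selector)
        if pool is None:
            return None
        common = [(54, ip2b(self.ip)), (51, struct.pack("!I", self.lease)), (1, ip2b(pool["mask"])),
                  (3, ip2b(pool["router"])), (6, ip2b(pool["dns"]))]
        reply = lambda mtype, opts, yiaddr: build(2, m["xid"], m["chaddr"], [(53, bytes([mtype]))] + opts,
                                                   yiaddr=yiaddr, giaddr=m["giaddr"])
        if kind == DISCOVER:
            addr = self.pick(pool, m["chaddr"])
            if addr is None:
                return None
            self.offers[m["xid"]] = addr
            return reply(OFFER, common, addr)
        if kind == REQUEST:
            offered = self.offers.pop(m["xid"], None)
            if m["options"].get(54) != ip2b(self.ip):
                return None                    # client accepted another server's offer
            wanted = b2ip(m["options"][50])
            if offered != wanted:
                return reply(NAK, [(54, ip2b(self.ip))], "0.0.0.0")
            self.bindings[m["chaddr"]] = wanted
            return reply(ACK, common, wanted)
        return None

def dora(server, mac, ingress_ip, relay_ip=None):
    """Drive Discover/Offer/Request/Ack for one client and return the parsed
    ACK. relay_ip inserts a router with ip helper-address in the path."""
    xid = int.from_bytes(mac[-4:], "big")
    via = (lambda p: relay(p, relay_ip)) if relay_ip else (lambda p: p)
    offer = parse(server.handle(via(build(1, xid, mac, [(53, bytes([DISCOVER]))])), ingress_ip))
    request = build(1, xid, mac, [(53, bytes([REQUEST])), (50, ip2b(offer["yiaddr"])),
                                  (54, offer["options"][54])])
    return parse(server.handle(via(request), ingress_ip))
```

A client on the server's own subnet receives the first non-excluded address, 192.168.10.11, with the mask, gateway, DNS server and lease time carried as options 1, 3, 6 and 51; the reserved MAC gets 192.168.10.9 even though that address is in the excluded range, which matches IOS behaviour for manual bindings. A client behind the relay has giaddr set to 192.168.20.1 by the time the server sees it, so the server allocates from the 192.168.20.0/24 pool and addresses its replies to the relay. A request that carries a different server identifier in option 54 is ignored and the pending offer is withdrawn, which is how several servers on one segment avoid handing out the same address twice.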

Recommended Resources

Check other articles on our website.

Self-Test Questions

What is the difference between recursive and iterative modes of DNS resolver operation?
Resolver in recursive mode performs queries on client behalf and returns requested information, while iterative resolver will send a referral to the client, so it can perform further queries on its own.
What is the difference between A and CNAME DNS resource records?
“A” record is used to store a mapping of hostname to IP address, while CNAME stores hostname (alias) to hostname mapping.
List 4 messages used in DHCP communication between client and server?
Discover, Offer, Request and Acknowledgement (DORA)
Explain what is the purpose of a DHCP relay?
DHCP communication uses broadcast messages, which routers do not forward. DHCP relay can be provided by a router with an interface in the same network as the clients. The relay turns the client's broadcast into unicast communication with the DHCP server and records the address of the receiving interface in the message (giaddr) so that the server can choose the right pool.