Configuring DHCP Failover in DHCP Server 4.6.5
Ever had a DHCP server go down and suddenly fifty people are knocking on your door because nothing works? DHCP failover is the answer — and if you're running ISC DHCP 4.Which means yeah. That's the kind of phone call you don't want to get on a Friday afternoon. 6.5, you've got solid options for keeping your IP address assignment rock-solid even when one server takes a dive It's one of those things that adds up. Less friction, more output..
What Is DHCP Failover
DHCP failover is a redundancy mechanism that lets two DHCP servers share the workload — and more importantly, back each other up when something goes wrong. Instead of one lonely server handling all your DHCP requests, you have two servers that talk to each other, split the address pool, and automatically take over for each other if needed.
In ISC DHCP 4.6.5, this works through the failover protocol. The two servers establish a relationship (one becomes the primary, one the secondary) and continuously exchange status information. On top of that, they each know what's been leased, what's available, and what the other server is doing. If the primary server stops responding, the secondary server picks up the slack — clients renew their leases or get new ones without even noticing there was a problem.
Some disagree here. Fair enough.
Primary vs. Secondary: What's the Difference
The naming is a bit misleading. Both servers are active under normal conditions — it's not like the secondary is just sitting there twiddling its thumbs. They split the address space (usually 50/50) and each handles DHCP requests for their portion. The "primary" and "secondary" labels mainly determine who takes over if the other server goes completely dark.
Hot Standby vs. Load Balance
You have two operating modes to choose from. On the flip side, Hot standby means one server handles all the traffic normally, and the other only steps in when the primary fails. Worth adding: Load balance (the default) splits the traffic evenly between both servers — each one handles roughly half the DHCP requests, and if one goes down, the other picks up the entire load. Most people run load balance because, honestly, why pay for two servers and only use one?
Why DHCP Failover Matters
Here's the thing — most networks run fine with a single DHCP server right up until they don't. In practice, new devices can't connect. Existing leases expire. The moment that server has a problem, you can't assign IP addresses. Things get ugly fast Turns out it matters..
In environments with lots of users, multiple VLANs, or critical infrastructure, this isn't just an inconvenience — it's an outage. Schools, hospitals, enterprises, anywhere there's significant network traffic — DHCP failover isn't optional. It's infrastructure.
What Actually Happens Without It
Let me paint a picture. Single DHCP server, everything's fine. That's why then a power blip, a hardware failure, a bad firmware update — whatever. Server goes down. What happens next?
Clients with existing leases are fine... No response. Still, no IP. But as leases start expiring, devices start asking for new addresses. And no connectivity. Depending on your lease times, this can start happening within an hour or even sooner. for a while. Meanwhile, you've got people losing connectivity, and you're scrambling to fix a server while everything's on fire.
With failover in place, the secondary server just keeps handing out addresses like nothing happened. Still, the failover protocol detects the failure within seconds, and the surviving server expands its pool to cover the entire address space. Users might not even notice.
How to Configure DHCP Failover in 4.6.5
Alright, let's get into the actual configuration. This is where it gets practical.
Step 1: Define the Failover Relationship
You need to tell each server about the other. Even so, this happens in the failover block at the top of your dhcpd. conf file.
On your primary server, it looks something like this:
failover peer "dhcp-failover" {
primary;
address 192.168.1.10;
port 647;
peer address 192.168.1.11;
peer port 647;
max-response-delay 30;
max-unacked-updates 10;
mclt 3600;
split 128;
load balance max seconds 3;
}
The secondary server has the same block, but with secondary; instead of primary;. The addresses are swapped — the primary lists its own address first, then the peer's. The secondary does the reverse.
Step 2: Configure the Shared Network and Subnets
Both servers need identical subnet definitions. They communicate with each other about what's available, so the configuration must match.
shared-network "internal-net" {
subnet 192.168.1.0 netmask 255.255.255.0 {
option routers 192.168.1.1;
option subnet-mask 255.255.255.0;
option domain-name-servers 8.8.8.8, 8.8.4.4;
pool {
failover peer "dhcp-failover";
range 192.168.1.50 192.168.1.150;
}
}
}
The key piece is the failover peer statement inside the pool definition. That binds this pool to the failover relationship you defined earlier Not complicated — just consistent..
Step 3: Tune the Failover Parameters
A few settings in that failover block are worth understanding:
-
mclt (Maximum Client Lead Time) — this is how long a server will extend a lease beyond what it knows the other server has committed to. Default is usually fine, but if you have very long leases, you might adjust this Worth knowing..
-
split — this only applies in load balance mode. It determines how the address space is split between the two servers. A split of 128 means a 50/50 split. You can bias it toward one server if you want (like 200 would give the primary more addresses).
-
load balance max seconds — this controls how quickly the secondary will take over if the primary isn't responding. Three seconds is aggressive; you might bump it up if you have slow links between servers.
Step 4: Sync Your Configurations
This is important: both servers need the same dhcpd.conf file (or at least the relevant parts). Which means the failover protocol handles the state synchronization automatically, but the configuration itself must match. If one server has a pool defined and the other doesn't, things break Easy to understand, harder to ignore..
Step 5: Start the Services
Start the failover daemon on both servers. The order doesn't strictly matter, but starting the primary first is conventional. Watch the logs — you should see them establish the failover relationship and start communicating.
Oct 15 10:23:45 dhcp-server1 dhcpd: Failover: All partners have been contacted.
Oct 15 10:23:45 dhcp-server1 dhcpd: Failover: My state: NORMAL Partner state: NORMAL
That "NORMAL / NORMAL" message means everything's working. Both servers are up, talking, and sharing the load Turns out it matters..
Common Mistakes People Make
Here's where things go sideways for a lot of folks:
Mismatched configurations. One server has a different subnet definition, different range, or different options. The failover protocol can only work if both servers agree on what's available. Double-check that your config files are identical (or at least the relevant parts) Not complicated — just consistent..
Firewall blocking the failover port. The default is port 647. Make sure your firewall allows traffic between the two servers on that port, or they'll never establish the relationship.
Not testing the failover. Configure it, verify it works, then break it on purpose. Stop the primary server, watch the secondary take over. Restart it, watch them resync. If you haven't tested it, you don't know if it works And it works..
Lease times too short. If your lease times are very short (like under an hour), the servers spend more time renewing leases than handling new requests. This isn't a failover-specific problem, but it amplifies load during failover events.
Practical Tips That Actually Help
-
Use the same version on both servers. Mixing versions can cause compatibility issues. Stick with 4.6.5 on both.
-
Monitor the failover state. Add checks to your monitoring system for the failover status. You want to know immediately if one server goes into "partner down" state.
-
Keep the servers on separate power circuits. Seems obvious, but I've seen failover setups where both servers were on the same UPS. That defeats the purpose.
-
Document the split. If you're not using a 50/50 split, write it down somewhere. Future-you will thank present-you.
-
Test during maintenance windows. Don't configure failover for the first time at 2am during an outage. Do it during a planned maintenance window when you can troubleshoot if needed.
FAQ
How do I verify failover is working?
Check the logs for the "NORMAL / NORMAL" message. You can also use dhcpd -t to test your configuration syntax, and many systems have status commands that show the failover state Most people skip this — try not to..
Can I run more than two servers?
ISC DHCP failover is designed for exactly two servers. If you need more redundancy, you'd typically run multiple independent failover pairs on different subnets or VLANs.
What happens if both servers fail?
Then you have a bigger problem than DHCP. But your clients will at least hold onto their existing leases until the servers come back. Nothing's perfect.
Does failover work across different subnets?
The failover communication happens on a dedicated link (the peer addresses). The DHCP service itself can span multiple subnets through relay agents, so yes, it works — but the two DHCP servers need to be able to communicate directly with each other That's the part that actually makes a difference..
No fluff here — just what actually works.
What's the default failover port?
Port 647. Make sure it's open on both servers.
The Bottom Line
DHCP failover in 4.6.5 isn't complicated, but it does require attention to detail. But two servers, properly configured, will keep your IP address assignment running even when one goes down. The key is getting the configuration right, testing it, and then forgetting about it until you need it.
And when you do need it — and you will, eventually — you'll be glad it's there The details matter here..
