A DHCP server automatically assigns IP addresses and network settings to every device that connects to a network. Without one, you’d need to manually configure each phone, laptop, printer, and tablet with a unique address before it could go online. DHCP handles that entire process in seconds, behind the scenes, every time a device joins the network.
What a DHCP Server Actually Does
Every device on a network needs a unique IP address to send and receive data, the same way every house on a street needs a unique mailing address. A DHCP server maintains a pool of available addresses and hands one out to each device when it connects. Along with the IP address, it also delivers several other pieces of configuration data the device needs to function on the network:
- Subnet mask: tells the device which portion of the network it belongs to
- Default gateway: the address of the router that connects the local network to the internet
- DNS server addresses: the servers that translate website names (like google.com) into numeric IP addresses
- Time server addresses: servers the device can use to keep its clock accurate
All of this happens automatically. The device doesn’t need any pre-programmed network information, and no one needs to type anything in. The DHCP server centralizes what would otherwise be a tedious, error-prone task for every single device on the network.
How a Device Gets Its Address
The exchange between a device and a DHCP server follows four steps, sometimes called the DORA process.
First, your device sends a broadcast message to the entire local network saying, essentially, “Is there a DHCP server here? I need an address.” This is the Discover step. Because the device doesn’t have an address yet, it broadcasts to every device on the network at once.
Second, the DHCP server receives that broadcast and responds with an Offer, proposing an available IP address from its pool along with the other network settings.
Third, the device sends back a Request confirming it wants that specific address. This step exists because there could be multiple DHCP servers on a network, and the device needs to formally accept one offer.
Finally, the server sends an Acknowledge message, confirming the assignment. At that point, the device has a valid IP address and can start communicating on the network. The whole process typically takes a fraction of a second.
IP Leases and Why They Expire
A DHCP server doesn’t give out addresses permanently. It leases them for a set period, and when that lease expires, the address goes back into the pool for other devices to use. This prevents the server from running out of addresses when devices leave the network without formally disconnecting, which is what happens every time someone walks out of a coffee shop or closes a laptop.
The default lease time on most networks is one day. Networks where devices come and go frequently, like a public Wi-Fi hotspot, often use shorter leases between four hours and one day. Leases under one hour are unusual and generally reserved for situations with extremely high turnover. Stable office networks with the same computers connecting every day can use longer leases without issue.
Before a lease expires, the device automatically contacts the server to renew it. If you keep your laptop connected to your home network, it quietly renews its lease in the background without you ever noticing. You only get a new address if the old one is no longer available.
Why Not Just Assign Addresses Manually?
You can. Setting a fixed IP address on a device (called a static IP) works perfectly well and is common for servers, routers, and printers that always need to be found at the same address. But manual assignment doesn’t scale. On a network with dozens or hundreds of devices, someone would need to track every assigned address in a spreadsheet, avoid duplicates, and physically configure each new device. One typo can create an IP conflict where two devices claim the same address, knocking both offline.
DHCP eliminates that entire category of problems. It tracks which addresses are in use, prevents duplicates automatically, and lets new devices connect with zero configuration. For large networks, the reduction in administrative work is enormous. For home networks, it’s what lets your guests connect to Wi-Fi without anyone touching a settings menu.
There’s also a middle ground called a DHCP reservation. This tells the server to always assign the same IP address to a specific device (identified by its hardware address) while still managing the process automatically. You get the consistency of a static address with the convenience of DHCP. This is a practical choice for home printers, game consoles, or streaming devices that benefit from a predictable address.
DHCP on Larger Networks
On small networks, the router itself typically acts as the DHCP server. Home routers almost always have this built in. On larger networks split into multiple segments, the DHCP server may sit on a completely different part of the network from the devices requesting addresses.
This creates a problem: the initial Discover message is a broadcast, and broadcasts don’t cross between network segments by default. To solve this, network administrators use a relay agent, a device that listens for DHCP broadcasts on one segment and forwards them to the DHCP server on another. This lets a single DHCP server manage addresses for an entire building or campus without needing a separate server on every floor.
DHCP in IPv6 Networks
The newer version of the internet’s addressing system, IPv6, introduced an alternative to DHCP called Stateless Address Autoconfiguration (SLAAC). With SLAAC, devices can generate their own addresses using information from the local router, without needing a DHCP server at all.
DHCPv6 still exists and comes in two forms. Stateful DHCPv6 works like traditional DHCP, assigning and tracking addresses centrally. Stateless DHCPv6 lets devices get their addresses through SLAAC but still contacts a DHCP server for additional settings like DNS server addresses. Not every IPv6 network needs DHCPv6, and the choice depends on how much control administrators want over address assignment. Default lease times for DHCPv6 are slightly longer, typically two days.
Security Risks to Be Aware Of
DHCP has no built-in way to verify that a request is legitimate. This opens the door to a few types of attacks. In a starvation attack, a malicious device floods the server with thousands of fake requests, each pretending to come from a different device. The server hands out addresses until the pool is exhausted, leaving legitimate devices unable to connect. Open-source tools for launching this kind of attack are freely available, making it a realistic threat on unsecured networks.
A rogue server attack is arguably worse. An attacker sets up their own DHCP server on the network, which responds to device requests with false configuration data. This can redirect traffic through the attacker’s machine, enabling eavesdropping or manipulation of network traffic. Because devices accept the first offer they receive, a rogue server can easily beat a legitimate one to the punch.
Network equipment manufacturers address these risks with features like DHCP snooping, which lets network switches distinguish between trusted and untrusted DHCP servers and block suspicious traffic. These protections are standard on enterprise-grade equipment but rarely enabled on consumer routers, where the risk is lower simply because the network is smaller and more controlled.