DHCP Options
Additional configuration options for DHCP.
Introduction: Beyond the Core Four
The primary and most well-known function of the Dynamic Host Configuration Protocol (DHCP) is to automatically provide a client device with its essential network configuration: an IP address, a subnet mask, a default gateway, and the address of a DNS server. This core set of four parameters is enough to get a device online and communicating. However, modern networks are complex ecosystems that often require a much richer set of configuration data to function optimally and securely.
Imagine configuring a new employee's computer. Beyond basic connectivity, you might need it to know the company's domain name, where to find the corporate time servers, how to boot over the network for imaging, or the address of a specific VoIP controller. Manually configuring each of these settings on every device would defeat the purpose of using DHCP for automation. To solve this, the designers of DHCP included a powerful and flexible mechanism called DHCP options.
The options field is a variable-length area within a DHCP message that can carry dozens of standardized and vendor-specific configuration parameters. It transforms DHCP from a simple IP address dispenser into a comprehensive, extensible framework for centralized network configuration management. This flexibility is the primary reason why DHCP has remained a cornerstone of network administration for decades.
The Structure of DHCP Options: Tag-Length-Value (TLV)
To accommodate a wide variety of information, the DHCP options field is not a rigid structure with fixed fields. Instead, it is a sequence of individual options, each formatted using a simple and common encoding scheme known as Tag-Length-Value (TLV).
- Tag (or Code)
- This is a single byte (8 bits) that serves as a unique numeric identifier for the option. For example, the code for the Subnet Mask option is 1, and the code for the DNS Server option is 6. The client uses this tag to identify which piece of configuration information is being provided.
- Length
- This is a single byte that specifies the length of the Value field in bytes. This allows for options with variable-length data, such as a list of multiple server addresses.
- Value
- This is the actual data for the option. The size of this field is determined by the Length byte. For example, for the Subnet Mask option (which is an IPv4 address), the Length would be 4, and the Value would be the four bytes of the mask.
Special Option Codes
There are two special codes that do not follow the TLV structure:
- Pad Option (Code 0): This is a single byte with a value of 0. It is used as padding to ensure that subsequent options are aligned to word boundaries for efficient processing. It has no length or value field.
- End Option (Code 255): This is a single byte with a value of 255. It is used to mark the end of the options field. Any data after this code is ignored.
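The TLV walk described above, including the Pad and End special cases, as an added Python example that is not part of the original page. It rejects a Length byte that points past the end of the field, then decodes a few options covered later on this page (53, 1, 3, 6, 51); the sample bytes are constructed, and treating a missing End option as an error is a choice made for this example.

```python
import ipaddress

PAD, END = 0, 255
MESSAGE_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST",
                 4: "DHCPDECLINE", 5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE"}

def parse_options(buf):
    """Walk a DHCP options field and return {code: raw Value bytes}."""
    options, i = {}, 0
    while i < len(buf):
        code = buf[i]
        i += 1
        if code == PAD:                  # single byte, no Length or Value
            continue
        if code == END:                  # anything after End is ignored
            return options
        if i >= len(buf):
            raise ValueError(f"option {code}: missing Length byte")
        length = buf[i]
        i += 1
        if i + length > len(buf):        # Length must not run past the field
            raise ValueError(f"option {code}: Length {length} overruns the field")
        options[code] = buf[i:i + length]  # simplification: a repeated code replaces the earlier one
        i += length
    raise ValueError("no End option (255) found")  # strictness chosen for this example

def ipv4_list(code, value):
    """Decode a Value made of one or more 4-byte IPv4 addresses."""
    if not value or len(value) % 4:
        raise ValueError(f"option {code}: Length must be a non-zero multiple of 4")
    return [str(ipaddress.IPv4Address(value[j:j + 4])) for j in range(0, len(value), 4)]

def describe(options):
    """Check Lengths and decode options 53, 1, 3, 6 and 51 when present."""
    out = {}
    for code, size in ((53, 1), (1, 4), (51, 4)):   # fixed-size options
        if code in options and len(options[code]) != size:
            raise ValueError(f"option {code}: Length must be {size}")
    if 53 in options:
        out["message_type"] = MESSAGE_TYPES.get(options[53][0], "unknown")
    if 1 in options:
        out["subnet_mask"] = ipv4_list(1, options[1])[0]
    for code, name in ((3, "routers"), (6, "dns_servers")):
        if code in options:
            out[name] = ipv4_list(code, options[code])
    if 51 in options:
        out["lease_seconds"] = int.from_bytes(options[51], "big")
    return out

# Constructed sample: a DHCPOFFER options field with a Pad byte and junk after End.
SAMPLE = bytes([53, 1, 2, 1, 4, 255, 255, 255, 0, 0, 3, 4, 192, 168, 1, 1,
                6, 8, 8, 8, 8, 8, 1, 1, 1, 1, 51, 4, 0, 1, 0x51, 0x80, 255, 0xDE, 0xAD])
```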
A Deep Dive into Common DHCP Options
The Internet Assigned Numbers Authority (IANA) maintains a registry of official DHCP option codes. While there are hundreds, a core set is used in almost every network.
Option 53: DHCP Message Type
This is one of the most critical options, as it must be present in every DHCP message. It specifies the "type" of the DHCP message. It's how a server distinguishes a client's initial discovery from a formal request. Its length is always 1.
- Value 1: DHCPDISCOVER
- Value 2: DHCPOFFER
- Value 3: DHCPREQUEST
- Value 4: DHCPDECLINE (Client tells server the offered address is already in use)
- Value 5: DHCPACK
- Value 6: DHCPNAK (Server tells client its lease is invalid)
- Value 7: DHCPRELEASE
Essential Network Parameters
- Option 1: Subnet Mask
- This option provides the client with its subnet mask. The length is always 4 bytes for IPv4. A device uses the subnet mask to determine if a destination IP address is on the local network (reachable directly via Layer 2) or on a remote network (requiring traffic to be sent to the default gateway).
- Option 3: Router (Default Gateway)
- This option specifies the IP address of the default gateway. The length is a multiple of 4 bytes, allowing a list of routers to be provided for redundancy, though most clients will only use the first one in the list.
- Option 6: Domain Name Server
- This provides a list of one or more DNS server IP addresses that the client should use for name resolution. The length is a multiple of 4 bytes. Providing at least two DNS servers (a primary and a secondary) is a common best practice for redundancy.
# Example DHCP server configuration snippet
option routers 192.168.1.1;
option domain-name-servers 8.8.8.8, 1.1.1.1;
- Option 15: Domain Name
- This option specifies the domain name that the client should use when resolving hostnames. For example, if a server provides the domain name 'corp.example.com', a user on a client machine can often just type 'server1' in their browser, and the OS will automatically try to resolve 'server1.corp.example.com'.
Lease Time Management Options
- Option 51: IP Address Lease Time
- This option specifies the total duration of the IP address lease in seconds, sent as a 32-bit unsigned integer. Both the client and the server use this value to manage the lease lifecycle.
- Option 58: Renewal (T1) Time Value
- This option specifies the time interval, in seconds, until the client enters the RENEWING state. This is typically set by the server to 50% of the total lease time. When this timer expires, the client begins sending unicast DHCPREQUEST messages to the original server to renew its lease.
- Option 59: Rebinding (T2) Time Value
- This option specifies the time interval, in seconds, until the client enters the REBINDING state. This is typically set by the server to 87.5% of the total lease time. If the client fails to renew its lease with the original server by this time, it starts broadcasting DHCPREQUEST messages to find any available DHCP server to extend its lease.
The Parameter Request List (Option 55): The Client's Wishlist
DHCP clients do not just passively accept whatever options the server decides to send. The DHCP protocol includes a mechanism for the client to explicitly request the specific configuration parameters it needs. This is done using Option 55: Parameter Request List.
In its DHCPDISCOVER or DHCPREQUEST messages, a client will include an Option 55 that contains a list of the option codes it is interested in. For example, a typical client might send a list containing 1, 3, 6, 15, 42, indicating that it wants to receive a subnet mask, a router, DNS servers, a domain name, and NTP servers.
The DHCP server will then look at this list and try to provide values for as many of the requested options as it is configured to do in its DHCPOFFER and DHCPACK responses. This negotiation makes the protocol more efficient, as the server doesn't waste space sending options the client doesn't need or understand.
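The server side of this negotiation, as an added Python example that is not part of the original page: it encodes a reply options field containing only the requested codes the server has configured. The configuration table and function names are constructed for illustration, and sending Options 53 and 51 regardless of the request list is an assumption of this example.

```python
import ipaddress

def ips(*addrs):
    """Pack one or more dotted-quad strings into 4-byte addresses."""
    return b"".join(ipaddress.IPv4Address(a).packed for a in addrs)

# Constructed server configuration: option code -> already-encoded Value.
SERVER_CONFIG = {
    1: ips("255.255.255.0"),            # subnet mask
    3: ips("192.168.1.1"),              # router
    6: ips("8.8.8.8", "1.1.1.1"),       # DNS servers
    15: b"corp.example.com",            # domain name
    51: (86400).to_bytes(4, "big"),     # lease time in seconds
}

def tlv(code, value):
    """Encode one option; Length is a single byte, so Value is capped at 255."""
    if not 1 <= code <= 254:
        raise ValueError("codes 0 (Pad) and 255 (End) carry no Length or Value")
    if len(value) > 255:
        raise ValueError(f"option {code}: Value does not fit a one-byte Length")
    return bytes([code, len(value)]) + value

def build_reply_options(message_type, requested, config):
    """Options field for a DHCPOFFER (2) or DHCPACK (5)."""
    out = tlv(53, bytes([message_type]))
    sent = {53}
    if 51 in config:                    # assumption: lease time is always sent
        out += tlv(51, config[51])
        sent.add(51)
    for code in requested:              # keep the client's order, skip repeats
        if code in config and code not in sent:
            out += tlv(code, config[code])
            sent.add(code)
    return out + bytes([255])           # End option

# The client's list from the text: mask, router, DNS, domain name, NTP servers.
REQUESTED = [1, 3, 6, 15, 42]
OFFER = build_reply_options(2, REQUESTED, SERVER_CONFIG)
```

Option 42 is absent from the constructed configuration, so it is simply left out of the reply.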
Special Purpose and Vendor-Specific Options
The flexibility of DHCP is further enhanced by options designed for specific use cases, particularly network booting and vendor customizations.
Options for Network Booting (PXE)
The Preboot Execution Environment (PXE) allows a computer to boot up and load an operating system directly from the network without needing a local hard drive. DHCP plays a central role in this process.
- Option 66: TFTP Server Name: When a PXE client boots, it first gets an IP address via DHCP. The DHCP offer can include Option 66, which tells the client the hostname or IP address of a Trivial File Transfer Protocol (TFTP) server.
- Option 67: Bootfile Name: Option 67 specifies the name of the boot file (e.g., 'pxelinux.0' or 'bootx64.efi') that the client should download from the TFTP server to start the OS installation or loading process.
Option 43: Vendor-Specific Information
It's impossible to create a standardized option code for every possible configuration need. Option 43 provides a generic container that allows vendors to pass their own proprietary configuration information to their devices.
This is commonly used in enterprise networks. For example, a new Cisco or Ubiquiti Wi-Fi access point, upon connecting to the network, can receive the IP address of its wireless LAN controller via a vendor-specific sub-option encapsulated within Option 43. This allows the AP to automatically find and register with its controller without any manual configuration.