These are Windows Server 2008 R2 machines in an AD environment.

Some time in the past a DHCP server failed. An admin replaced it using a different host but the same address. Later on, when troubleshooting a rogue DHCP server, it was discovered that both the old and current servers were listed as authorized DHCP servers.

Once discovered, it was de-authorized. That de-authorized our current production DHCP server for a short period until that was reversed.

Those two, with the same IP address, were listed for almost 6 months. Would that have been causing any issues, or is it merely just a harmless entry in the authorized list?

Matt
  • I don't really understand your question. Are you asking if having 2 active DHCP servers on the same address causes issues? If you didn't notice any the last 6 months you surely won't notice them now. Basically what happens is that connections are unreliable since it depends which server reacts faster to a DHCP request and, if you're unlucky, can result in 2 hosts having the same IP, which in turn also causes various issues. – Broco Jan 10 '17 at 14:25
  • @Broco There are not two active servers but two entries in the Authorized DHCP servers list. One is old and was not removed properly. The other is active and current. They have different names but the same IP address. I'm sure the implication of this is nothing. – Matt Jan 10 '17 at 15:02
  • @Matt: Yes. This is harmless. – joeqwerty Jan 10 '17 at 15:03
  • @Matt ok, now I get it. Yes, nothing will happen, they are both authorized but since one is inactive only the active and authorized one will be used. – Broco Jan 10 '17 at 15:03
  • That would be an answer then. I was trying to troubleshoot another issue and wanted to be sure that had nothing to do with it. – Matt Jan 10 '17 at 15:13

1 Answer

I think this was answered in the comments above, but I would like to clarify it in answer form.

  • If you have two devices on the same network that have the same IP address and are active at the same time, it will cause problems whether or not they are servers. This is because they will fight over every packet addressed to that IP address, so there will be obvious problems.
  • However, because it sounds like the old DHCP server is inactive, there will be no effects of assigning the new DHCP server the same IP address as the old server.
  • Having an inactive DHCP server listed in the authorized list won't result in any immediate repercussions. However, if you will not be using it any more, then it is best practice to remove it, because in theory it could be a security flaw.
B00TK1D
  • Can you expand more on the last bullet? My intuition and comments here make it seem meaningless. Your bullet implies something _could_ happen. _won't result in any immediate repercussions_ and _in theory it could be a security flaw_ – Matt Jan 10 '17 at 19:02
  • @Matt - Sure. Your network will continue to function as normal if you have an unused but authorized DHCP server. However, if your network were to be hacked, an attacker could _theoretically_ use this unused DHCP server by renaming an existing server, and then handing out rogue addresses. While this isn't a huge deal, I just wanted to point out that it is possible. – B00TK1D Jan 10 '17 at 19:08
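
A read-only way to spot the situation discussed in this thread, added here as an example and not posted by any participant: it parses the `netsh dhcp show server` listing and flags authorized entries that share an address or, optionally, whose name no longer matches DNS. The function names, the sample host names and the assumed line shape of the netsh output are illustrative assumptions.

```powershell
# Added example (not from the original thread). Read-only audit of the
# "Authorized DHCP servers" list; PowerShell 2.0 compatible (Server 2008 R2).

function Get-AuthorizedDhcpEntry {
    param([string[]]$NetshOutput)
    # Assumed line shape from "netsh dhcp show server":
    #   Server [name] Address [a.b.c.d] Ds location: cn=name
    foreach ($line in $NetshOutput) {
        if ($line -match 'Server \[(?<name>[^\]]+)\]\s+Address \[(?<ip>[^\]]+)\]') {
            New-Object PSObject -Property @{ Name = $Matches['name']; Address = $Matches['ip'] }
        }
    }
}

function Find-SuspectDhcpAuthorization {
    param([object[]]$Entries, [switch]$CheckDns)
    if (-not $Entries) { return }   # nothing parsed, nothing to report

    # Count how many authorized entries claim each address.
    $count = @{}
    foreach ($e in $Entries) { $count[$e.Address] = 1 + [int]$count[$e.Address] }

    foreach ($e in $Entries) {
        $reasons = @()
        if ($count[$e.Address] -gt 1) { $reasons += 'address shared with another authorized entry' }
        if ($CheckDns) {
            # Heuristic only: a retired server's name may no longer resolve, or may resolve elsewhere.
            try {
                $ips = @([System.Net.Dns]::GetHostAddresses($e.Name) | ForEach-Object { $_.IPAddressToString })
                if ($ips -notcontains $e.Address) { $reasons += 'name resolves to a different address' }
            } catch {
                $reasons += 'name does not resolve in DNS'
            }
        }
        if ($reasons.Count -gt 0) {
            New-Object PSObject -Property @{ Name = $e.Name; Address = $e.Address; Reason = ($reasons -join '; ') }
        }
    }
}

# Constructed sample output (hypothetical names, documentation address range).
$sample = @(
    '2 Servers were found in the directory service:',
    '    Server [dhcp-old.example.test] Address [192.0.2.10] Ds location: cn=dhcp-old.example.test',
    '    Server [dhcp-new.example.test] Address [192.0.2.10] Ds location: cn=dhcp-new.example.test'
)
Find-SuspectDhcpAuthorization -Entries (Get-AuthorizedDhcpEntry $sample) | Format-Table -AutoSize

# Against a live domain (run where the netsh dhcp context is installed):
# Find-SuspectDhcpAuthorization -Entries (Get-AuthorizedDhcpEntry (netsh dhcp show server)) -CheckDns
```

Because the question reports that removing the stale entry also de-authorized the production server sharing its address, re-run the listing after any cleanup and confirm the live server is still present.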