How to set up ISC DHCP high availability with PCS

High availability for ISC DHCP keeps address assignment online during node failures and maintenance, avoiding widespread client outages and stalled provisioning. A floating IP provides a stable DHCP endpoint for environments that depend on DHCP relays or a single server address.

In a Pacemaker cluster managed with pcs, an ocf:heartbeat:IPaddr2 resource assigns the virtual IP (VIP) to the active node while a systemd resource controls the isc-dhcp-server daemon. Grouping those resources keeps them colocated and enforces ordering so the VIP is online before DHCP replies are served.

All cluster nodes must share the same /etc/dhcp/dhcpd.conf content and a consistent server-identifier value so renewals continue to target the VIP after failover. The DHCP lease database must also remain consistent across nodes (shared storage or coordinated failover) or duplicate addresses can be issued. Keep the DHCP service disabled outside Pacemaker control to prevent multiple DHCP daemons responding on the same broadcast domain.

Related: How to set up ISC DHCP active-active with PCS
Related: How to create a Pacemaker cluster

Steps to set up ISC DHCP high availability with PCS:

  1. Confirm the cluster is online and has quorum. 
    $ sudo pcs status
Cluster name: clustername
Cluster Summary:
  * Stack: corosync (Pacemaker is running)
  * Current DC: node-01 (version 2.1.6-6fdc9deea29) - partition with quorum
  * Last updated: Thu Jan  1 04:29:41 2026 on node-01
  * Last change:  Thu Jan  1 04:29:38 2026 by root via cibadmin on node-01
  * 3 nodes configured
  * 0 resource instances configured

Node List:
  * Online: [ node-01 node-02 node-03 ]

Full List of Resources:
  * No resources

Daemon Status:
  corosync: active/enabled
  pacemaker: active/enabled
  pcsd: active/enabled

    Related: How to check Pacemaker cluster status

  2. Pick a floating IP address for the DHCP service that is outside all DHCP dynamic ranges. 
    subnet 192.0.2.0 netmask 255.255.255.0 {
  range 192.0.2.100 192.0.2.150;
}

    Keep the VIP (for example 192.0.2.66) outside every range to prevent accidental assignment to a client.

  3. Set the server-identifier value to the floating IP in /etc/dhcp/dhcpd.conf on all cluster nodes. 
    server-identifier 192.0.2.66;

    Using the VIP as the DHCP Server Identifier keeps relay targets and renewals stable after failover.

  4. Validate the ISC DHCP configuration syntax on each node before enabling cluster control. 
    $ sudo dhcpd -t -cf /etc/dhcp/dhcpd.conf
Internet Systems Consortium DHCP Server 4.4.3-P1
Copyright 2004-2022 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Config file: /etc/dhcp/dhcpd.conf
Database file: /var/lib/dhcp/dhcpd.leases
PID file: /var/run/dhcpd.pid

    A non-zero exit status or a Configuration file errors encountered message indicates a configuration error.

  5. Identify the systemd unit name for ISC DHCP on the cluster nodes. 
    $ systemctl list-unit-files --type=service | grep -E '^(isc-dhcp-server|dhcpd)\.service'
isc-dhcp-server.service                      disabled        enabled
  6. Disable the DHCP service outside Pacemaker control on every cluster node. 
    $ sudo systemctl disable --now isc-dhcp-server
Synchronizing state of isc-dhcp-server.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install disable isc-dhcp-server
Synchronizing state of isc-dhcp-server.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install disable isc-dhcp-server
Synchronizing state of isc-dhcp-server.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install disable isc-dhcp-server

    Leaving DHCP enabled outside cluster control can result in multiple DHCP daemons issuing conflicting leases.

    Use dhcpd if the unit name is dhcpd.service.

    Related: How to manage Pacemaker cluster services with systemctl in Linux

  7. Create a floating IP resource for the DHCP endpoint. 
    $ sudo pcs resource create dhcp_ip ocf:heartbeat:IPaddr2 ip=192.0.2.66 cidr_netmask=24 op monitor interval=30s

    Related: How to create a floating IP address in Pacemaker

  8. Create the ISC DHCP service resource using the correct systemd unit name. 
    $ sudo pcs resource create dhcp_service systemd:isc-dhcp-server op monitor interval=30s

    Use systemd:dhcpd when that unit is present.

  9. Group the floating IP and ISC DHCP resources. 
    $ sudo pcs resource group add dhcp-stack dhcp_ip dhcp_service

    Related: How to create a Pacemaker resource group

  10. Verify the resource group placement. 
    $ sudo pcs status resources
  * Resource Group: dhcp-stack:
    * dhcp_ip	(ocf:heartbeat:IPaddr2):	 Started node-01
    * dhcp_service	(systemd:isc-dhcp-server):	 Started node-01
  11. Confirm the VIP address is present on the active node. 
    $ ip -4 address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
11: eth0@if456: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default  link-netnsid 0
    inet 192.0.2.11/24 brd 192.0.2.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet 192.0.2.66/24 brd 192.0.2.255 scope global secondary eth0
       valid_lft forever preferred_lft forever
  12. Confirm the ISC DHCP daemon is listening on UDP port 67 on the active node. 
    $ sudo ss -ulnp | grep -E ':67\s'
UNCONN 0      0            0.0.0.0:67         0.0.0.0:*    users:(("dhcpd",pid=179653,fd=7))

    No UDP :67 listener on the standby node indicates only the active node is serving DHCP.

  13. Run a failover test after the group is running.

    Related: How to run a Pacemaker failover test with PCS