High availability for ISC DHCP keeps address assignment online during node failures and maintenance, avoiding widespread client outages and stalled provisioning. A floating IP provides a stable DHCP endpoint for environments that depend on DHCP relays or a single server address.
In a Pacemaker cluster managed with pcs, an ocf:heartbeat:IPaddr2 resource assigns the virtual IP (VIP) to the active node while a systemd resource controls the isc-dhcp-server daemon. Grouping those resources keeps them colocated and enforces ordering so the VIP is online before DHCP replies are served.
All cluster nodes must share the same /etc/dhcp/dhcpd.conf content and a consistent server-identifier value so renewals continue to target the VIP after failover. The DHCP lease database must also remain consistent across nodes (shared storage or coordinated failover) or duplicate addresses can be issued. Keep the DHCP service disabled outside Pacemaker control to prevent multiple DHCP daemons responding on the same broadcast domain.
Steps to set up ISC DHCP high availability with PCS:
- Confirm the cluster is online and has quorum.
$ sudo pcs status Cluster name: clustername Cluster Summary: * Stack: corosync (Pacemaker is running) * Current DC: node-01 (version 2.1.6-6fdc9deea29) - partition with quorum * Last updated: Thu Jan 1 04:29:41 2026 on node-01 * Last change: Thu Jan 1 04:29:38 2026 by root via cibadmin on node-01 * 3 nodes configured * 0 resource instances configured Node List: * Online: [ node-01 node-02 node-03 ] Full List of Resources: * No resources Daemon Status: corosync: active/enabled pacemaker: active/enabled pcsd: active/enabled
- Pick a floating IP address for the DHCP service that is outside all DHCP dynamic ranges.
subnet 192.0.2.0 netmask 255.255.255.0 { range 192.0.2.100 192.0.2.150; }Keep the VIP (for example 192.0.2.66) outside every range to prevent accidental assignment to a client.
- Set the server-identifier value to the floating IP in /etc/dhcp/dhcpd.conf on all cluster nodes.
server-identifier 192.0.2.66;
Using the VIP as the DHCP Server Identifier keeps relay targets and renewals stable after failover.
- Validate the ISC DHCP configuration syntax on each node before enabling cluster control.
$ sudo dhcpd -t -cf /etc/dhcp/dhcpd.conf Internet Systems Consortium DHCP Server 4.4.3-P1 Copyright 2004-2022 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ Config file: /etc/dhcp/dhcpd.conf Database file: /var/lib/dhcp/dhcpd.leases PID file: /var/run/dhcpd.pid
A non-zero exit status or a Configuration file errors encountered message indicates a configuration error.
- Identify the systemd unit name for ISC DHCP on the cluster nodes.
$ systemctl list-unit-files --type=service | grep -E '^(isc-dhcp-server|dhcpd)\.service' isc-dhcp-server.service disabled enabled
- Disable the DHCP service outside Pacemaker control on every cluster node.
$ sudo systemctl disable --now isc-dhcp-server Synchronizing state of isc-dhcp-server.service with SysV service script with /usr/lib/systemd/systemd-sysv-install. Executing: /usr/lib/systemd/systemd-sysv-install disable isc-dhcp-server Synchronizing state of isc-dhcp-server.service with SysV service script with /usr/lib/systemd/systemd-sysv-install. Executing: /usr/lib/systemd/systemd-sysv-install disable isc-dhcp-server Synchronizing state of isc-dhcp-server.service with SysV service script with /usr/lib/systemd/systemd-sysv-install. Executing: /usr/lib/systemd/systemd-sysv-install disable isc-dhcp-server
Leaving DHCP enabled outside cluster control can result in multiple DHCP daemons issuing conflicting leases.
Use dhcpd if the unit name is dhcpd.service.
- Create a floating IP resource for the DHCP endpoint.
$ sudo pcs resource create dhcp_ip ocf:heartbeat:IPaddr2 ip=192.0.2.66 cidr_netmask=24 op monitor interval=30s
- Create the ISC DHCP service resource using the correct systemd unit name.
$ sudo pcs resource create dhcp_service systemd:isc-dhcp-server op monitor interval=30s
Use systemd:dhcpd when that unit is present.
- Group the floating IP and ISC DHCP resources.
$ sudo pcs resource group add dhcp-stack dhcp_ip dhcp_service
- Verify the resource group placement.
$ sudo pcs status resources * Resource Group: dhcp-stack: * dhcp_ip (ocf:heartbeat:IPaddr2): Started node-01 * dhcp_service (systemd:isc-dhcp-server): Started node-01 - Confirm the VIP address is present on the active node.
$ ip -4 address show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 11: eth0@if456: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link-netnsid 0 inet 192.0.2.11/24 brd 192.0.2.255 scope global eth0 valid_lft forever preferred_lft forever inet 192.0.2.66/24 brd 192.0.2.255 scope global secondary eth0 valid_lft forever preferred_lft forever - Confirm the ISC DHCP daemon is listening on UDP port 67 on the active node.
$ sudo ss -ulnp | grep -E ':67\s' UNCONN 0 0 0.0.0.0:67 0.0.0.0:* users:(("dhcpd",pid=179653,fd=7))No UDP :67 listener on the standby node indicates only the active node is serving DHCP.
- Run a failover test after the group is running.
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.
