
IP services — DHCP, DNS, NAT, NTP


Four foundational IP services. None of them are exciting. All of them are present in every working network. Get the basics right and you'll diagnose 90% of "the internet is down" complaints in seconds.

DHCP — automatic IP assignment

A host without an IP can't reach a DHCP server by normal unicast routing, so the exchange runs over broadcast. The protocol works in four steps (mnemonic: DORA):

  1. Discover — client broadcasts (0.0.0.0 → 255.255.255.255) "is there a DHCP server?"
  2. Offer — server unicasts (or broadcasts) an IP offer back.
  3. Request — client broadcasts which offer it's accepting.
  4. Acknowledge — server confirms the lease.

Ports: server UDP/67, client UDP/68.

DHCP relay

DHCP discovery is broadcast — it doesn't cross routers. A central DHCP server can serve many subnets only if each router runs a DHCP relay (Cisco: ip helper-address) that catches the broadcast and unicasts it to the real server, then relays the response back.

Cisco IOS: DHCP relay
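The relay described above, as an added Cisco IOS configuration example (not the page's own config). Interface name, the client subnet 10.10.20.0/24 and the DHCP server address 10.10.0.50 are assumptions chosen for illustration:

```cisco
! Added example, not from the original page. Gi0/1 faces the client subnet;
! the DHCP server sits at 10.10.0.50 on a different subnet (both assumed).
interface GigabitEthernet0/1
 description Client access subnet
 ip address 10.10.20.1 255.255.255.0
 ! Catch DHCP broadcasts on this interface and unicast them to the server.
 ! The relay stamps its own interface address (10.10.20.1) into the giaddr
 ! field, which is how the server picks the matching pool for the reply.
 ip helper-address 10.10.0.50
!
! Verify the helper is applied:
!   show ip interface GigabitEthernet0/1   -> "Helper address is 10.10.0.50"
```

Caveat worth checking on any relay: ip helper-address forwards not only DHCP (UDP 67/68) but a default set of other UDP broadcasts as well (TFTP 69, DNS 53, Time 37, NetBIOS 137/138, TACACS 49). If the server should only ever see DHCP, disable the extras with `no ip forward-protocol udp <port>` for each unwanted port.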

Pools and reservations

A server defines a pool per subnet: address range, default gateway, DNS servers, lease time, and any extra options. Static reservations by MAC ensure specific hosts always get the same address (printers, IP phones, infrastructure). Placing those reserved addresses outside the pool's dynamic range is the clean way to avoid conflicts with dynamically leased hosts.

DNS — names to addresses

DNS turns www.example.com into 203.0.113.42. Port UDP/53 (or TCP/53 for large responses and zone transfers).

Resolution flow:

  1. Browser asks the stub resolver (libc / OS).
  2. Stub resolver asks the recursive resolver (your ISP or 1.1.1.1 or 8.8.8.8).
  3. Recursive walks: root servers → TLD (.com) → authoritative for example.com → A record for www.
  4. Returns the answer, caches it for the TTL.

Common record types:

| Type | Returns |
|---|---|
| A | IPv4 address |
| AAAA | IPv6 address |
| CNAME | Alias to another name |
| MX | Mail server for the domain |
| TXT | Arbitrary text — used for SPF, DKIM, verification, etc. |
| NS | Authoritative nameservers for a zone |
| PTR | Reverse — IP to name |

When troubleshooting: dig @8.8.8.8 example.com A queries a specific resolver directly. If dig works but a browser doesn't, the problem isn't DNS — it's caching or the application.

NAT — sharing one public IP

A private network using RFC 1918 space (10.0.0.0/8, etc.) needs NAT (Network Address Translation) to reach the public internet. The simplest and most common variant is PAT (Port Address Translation, also called NAT overload):

10.0.0.5:53201 ──┐
10.0.0.6:48201 ──┼─→ NAT box ─→ 203.0.113.5:43221 → public internet
10.0.0.7:55001 ──┘                          (unique port per flow)

The NAT box maintains a translation table: (inside IP, inside port) ↔ (outside port). Return traffic to 203.0.113.5:43221 gets de-NATted back to the right inside host.

CCNA terminology:

| Term | What |
|---|---|
| Inside local | Private IP, inside view |
| Inside global | Public IP that represents the inside host externally |
| Outside local | (Rarely matters) — how the outside is seen from inside after any translation |
| Outside global | Public IP of the remote host |

Cisco IOS: PAT — many inside, one outside
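The PAT setup from the diagram above, as an added Cisco IOS configuration example (not the page's own config). The interface names, the inside subnet 10.0.0.0/24 and the public address 203.0.113.5 on the outside interface are assumptions for illustration:

```cisco
! Added example, not from the original page. Gi0/0 is the public side,
! Gi0/1 the private side (both names assumed).
interface GigabitEthernet0/0
 description WAN - public side
 ip address 203.0.113.5 255.255.255.248
 ip nat outside
!
interface GigabitEthernet0/1
 description LAN - private side
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
!
! Selects which inside-local source addresses may be translated.
! Anything not permitted here (implicit deny) is simply not translated.
access-list 1 permit 10.0.0.0 0.0.0.255
!
! Translate every permitted inside source to the outside interface's
! address; "overload" turns plain NAT into PAT (one public IP, unique
! source port per flow).
ip nat inside source list 1 interface GigabitEthernet0/0 overload
!
! Verify the translation table and hit counters:
!   show ip nat translations
!   show ip nat statistics
```

Two practitioner notes: the ACL only chooses what gets translated, it is not a filter on what can reach the router, so PAT on its own is not a substitute for an inbound access list on the outside interface. And because return traffic is matched purely on the (outside port) entry, inbound packets to 203.0.113.5 that hit no existing translation are dropped, which is why unsolicited inbound connections to inside hosts fail unless a static mapping is added.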

NTP — keep clocks in sync

If routers, switches, and servers drift more than a few seconds out of sync, logs become hard to correlate, certificates start failing, and timestamped events lie. NTP (Network Time Protocol, UDP/123) keeps everything synced within milliseconds across a network.

Hierarchy:

  • Stratum 0 — reference clocks (atomic, GPS).
  • Stratum 1 — directly connected to stratum 0.
  • Stratum 2 — synced from stratum 1.
  • And so on up to 15. Stratum 16 = unsynchronized.

Most enterprise setups: one or two core switches or routers act as NTP servers, themselves synced to public stratum-2 sources (pool.ntp.org, vendor NTP); every other device is a client of those. Operators who need sub-microsecond sync run their own stratum-1 GPS sources.

Cisco IOS: Set NTP client
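An authenticated NTP client on an access device, syncing from the two internal servers the page recommends, as an added Cisco IOS configuration example (not the page's own config). The server addresses 10.10.0.5 and 10.10.0.6 and the key string are assumptions; replace the key with a real shared secret before use:

```cisco
! Added example, not from the original page. Server addresses and the key
! string are placeholders.
clock timezone UTC 0
!
! Log timestamps with millisecond precision so events correlate across devices.
service timestamps log datetime msec show-timezone
!
! Symmetric-key authentication: the client only accepts time from servers
! that sign their replies with a trusted key.
ntp authentication-key 1 md5 EXAMPLE-KEY-REPLACE-ME
ntp authenticate
ntp trusted-key 1
!
! Two sources, one preferred, both required to use key 1.
ntp server 10.10.0.5 key 1 prefer
ntp server 10.10.0.6 key 1
!
! Verify:
!   show ntp status          -> "Clock is synchronized, stratum N, reference is ..."
!   show ntp associations    -> "*" marks the source currently selected
```

Caveat: this key-based authentication works against your own internal servers or a vendor time source that shares a key with you; public pool.ntp.org servers generally do not offer symmetric-key authentication, so the core devices that face the internet typically rely on multiple sources and sanity checks rather than keys.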

What to remember

  • DHCP: DORA, ports 67/68, broadcast (use relay across routers).
  • DNS: UDP/53, recursive walks the hierarchy, watch your TTLs.
  • NAT/PAT: many private → one public via port-mapping. inside local vs inside global vocabulary.
  • NTP: stratum hierarchy, UDP/123, configure two sources, authenticate.
  • All four are usually invisible when they work — visible all at once when they don't.