

# DHCP option sets in Amazon VPC
<a name="VPC_DHCP_Options"></a>

Network devices in your VPC use Dynamic Host Configuration Protocol (DHCP). You can use DHCP option sets to control the following aspects of the network configuration in your virtual network:
+ The DNS servers, domain names, or Network Time Protocol (NTP) servers used by the devices in your VPC.
+ Whether DNS resolution is enabled in your VPC.

**Topics**
+ [What is DHCP?](#DHCPOptionSets)
+ [DHCP option set concepts](DHCPOptionSetConcepts.md)
+ [Work with DHCP option sets](DHCPOptionSet.md)

## What is DHCP?
<a name="DHCPOptionSets"></a>

Every device on a TCP/IP network requires an IP address to communicate over the network. In the past, IP addresses had to be assigned to each device in your network manually. Today, IP addresses are assigned dynamically by DHCP servers using the Dynamic Host Configuration Protocol (DHCP).

Applications running on EC2 instances can communicate with Amazon DHCP servers as needed to retrieve their IP address lease or other network configuration information (such as the IP address of an Amazon DNS server or the IP address of the router in your VPC).

You can specify the network configurations that are provided by Amazon DHCP servers by using DHCP option sets. 

If you have a VPC configuration that requires your applications to make direct requests to the Amazon IPv6 DHCP server, note the following:
+ An EC2 instance in a dual-stack subnet can only retrieve its IPv6 address from the IPv6 DHCP server. *It cannot retrieve any additional network configurations from the IPv6 DHCP server, such as DNS server names or domain names.* 
+ An EC2 instance in an IPv6-only subnet can retrieve its IPv6 address from the IPv6 DHCP server *and can retrieve additional networking configuration information, such as DNS server names and domain names.* 
+ For an EC2 instance in an IPv6-only subnet, the IPv4 DHCP Server will return 169.254.169.253 as the name server if "AmazonProvidedDNS" is explicitly mentioned in the DHCP option set. If "AmazonProvidedDNS" is missing from the option set, the IPv4 DHCP Server won't return an address whether other IPv4 name servers are mentioned in the option set or not.

The Amazon DHCP servers can also provide an entire IPv4 or IPv6 prefix to a network interface in your VPC using prefix delegation (see [Assigning prefixes to Amazon EC2 network interfaces](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-prefix-eni.html) in the *Amazon EC2 User Guide*). IPv4 prefix delegation is not provided in DHCP responses. IPv4 prefixes assigned to the interface can be retrieved using IMDS (see [Instance metadata categories](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories) in the *Amazon EC2 User Guide*).

# DHCP option set concepts
<a name="DHCPOptionSetConcepts"></a>

A *DHCP option set* is a group of network settings used by resources in your VPC, such as EC2 instances, to communicate over your virtual network.

Each Region has a default DHCP option set. Each VPC uses the default DHCP option set for its Region unless you either create and associate a custom DHCP option set with the VPC or configure the VPC with no DHCP option set. 

If your VPC has no DHCP option set configured:
+ For [EC2 instances built on the Nitro System](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#instance-hypervisor-type), AWS configures `169.254.169.253` as the default domain name server.
+ For [EC2 instances built on Xen](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#instance-hypervisor-type), no domain name servers are configured and, because instances in the VPC have no access to a DNS server, they can't access the internet.

You can associate a DHCP option set with multiple VPCs, but each VPC can have only one associated DHCP option set.

If you delete a VPC, the DHCP option set that is associated with the VPC is disassociated from the VPC.

**Topics**
+ [Default DHCP option set](#ArchitectureDiagram)
+ [Custom DHCP option set](#CustomDHCPOptionSet)

## Default DHCP option set
<a name="ArchitectureDiagram"></a>

The default DHCP option set contains the following settings:
+ **Domain name servers**: The DNS servers that your network interfaces use for domain name resolution. For a default DHCP option set, this is always `AmazonProvidedDNS`. For more information, see [Amazon DNS server](AmazonDNS-concepts.md#AmazonDNS).
+ **Domain name**: The domain name that a client should use when resolving hostnames using the Domain Name System (DNS). For more information about the domain names used for EC2 instances, see [Amazon EC2 instance hostnames](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-naming.html).
+ **IPv6 Preferred Lease Time**: How frequently a running instance with an IPv6 assigned to it goes through DHCPv6 lease renewal. The default lease time is 140 seconds. Lease renewal typically occurs when half of the lease time has elapsed.

When you use a default DHCP options set, the following settings are not used, but there are defaults for EC2 instances:
+ **NTP servers**: By default, EC2 instances use the [Amazon Time Sync Service](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/set-time.html) to retrieve the time.
+ **NetBIOS name servers**: For EC2 instances running Windows, the NetBIOS computer name is a friendly name assigned to the instance to identify it on the network. The NetBIOS name server maintains a list of mappings between NetBIOS computer names and network addresses for networks that use NetBIOS as their naming service.
+ **NetBIOS node type**: For EC2 instances running Windows, this is the method that the instances use to resolve NetBIOS names to IP addresses.

When you use the default option set, the Amazon DHCP server uses the network settings in the default option set. When you launch instances in your VPC, they do the following, as shown in the diagram: (1) interact with the DHCP server, (2) interact with the Amazon DNS server, and (3) connect to other devices in the network through the router for your VPC. The instances can interact with the Amazon DHCP server at any time to get their IP address lease and additional network settings.

![\[Default DHCP option set\]](http://docs.aws.amazon.com/vpc/latest/userguide/images/dhcp-default-update-new.png)


## Custom DHCP option set
<a name="CustomDHCPOptionSet"></a>

You can create a custom DHCP option set with the following settings, and then associate it with a VPC:
+ **Domain name servers**: The DNS servers that your network interfaces use for domain name resolution.
+ **Domain name**: The domain name that a client uses when resolving hostnames using the Domain Name System (DNS).
+ **NTP servers**: The NTP servers that provide the time to the instances.
+ **NetBIOS name servers**: For EC2 instances running Windows, the NetBIOS computer name is a friendly name assigned to the instance to identify it on the network. A NetBIOS name server maintains a list of mappings between NetBIOS computer names and network addresses for networks that use NetBIOS as their naming service.
+ **NetBIOS node type**: For EC2 instances running Windows, the method that the instances use to resolve NetBIOS names to IP addresses.
+ **IPv6 Preferred Lease Time** (optional): A value (in seconds, minutes, hours, or years) for how frequently a running instance with an IPv6 assigned to it goes through DHCPv6 lease renewal. Acceptable values are between 140 and 4294967295 seconds (approximately 138 years). If no value is entered, the default lease time is 140 seconds. If you use long-term addressing for EC2 instances, you can increase the lease time and avoid frequent lease renewal requests. Lease renewal typically occurs when half of the lease time has elapsed.

When you use a custom option set, instances launched into your VPC do the following, as shown in the diagram: (1) use the network settings in the custom DHCP option set, (2) interact with the DNS, NTP, and NetBIOS servers specified in the custom DHCP option set, and (3) connect to other devices in the network through the router for your VPC.

![\[Custom DHCP option set\]](http://docs.aws.amazon.com/vpc/latest/userguide/images/dhcp-custom-update-new.png)


**Related tasks**
+ [Create a DHCP option set](DHCPOptionSet.md#CreatingaDHCPOptionSet)
+ [Change the option set associated with a VPC](DHCPOptionSet.md#ChangingDHCPOptionsofaVPC)

# Work with DHCP option sets
<a name="DHCPOptionSet"></a>

Use the following procedures to view and work with DHCP option sets. For more information about how DHCP option sets work, see [DHCP option set concepts](DHCPOptionSetConcepts.md).

**Topics**
+ [Create a DHCP option set](#CreatingaDHCPOptionSet)
+ [Change the option set associated with a VPC](#ChangingDHCPOptionsofaVPC)
+ [Delete a DHCP option set](#DeletingaDHCPOptionSet)

## Create a DHCP option set
<a name="CreatingaDHCPOptionSet"></a>

A custom DHCP option set enables you to customize your VPC with your own DNS server, domain name, and more. You can create as many additional DHCP option sets as you want. However, you can only associate a VPC with one DHCP option set at a time.

**Note**  
After you create a DHCP option set, you can't modify it. To update the DHCP options for your VPC, you must create a new DHCP option set and then associate it with your VPC.

**To create a DHCP options set using the console**

1. Open the Amazon VPC console at [https://console.aws.amazon.com/vpc/](https://console.aws.amazon.com/vpc/).

1. In the navigation pane, choose **DHCP option sets**.

1. Choose **Create DHCP options set**.

1. For **Tag settings**, optionally enter a name for the DHCP option set. If you enter a value, it automatically creates a Name tag for the DHCP option set.

1. For **DHCP options**, provide the configuration settings that you need.
   + **Domain name** (optional): Enter the domain name that a client should use when resolving hostnames using DNS. If you are not using AmazonProvidedDNS, your custom domain name servers must resolve the hostname as appropriate. If you use an Amazon Route 53 private hosted zone, you can use AmazonProvidedDNS. For more information, see [DNS attributes for your VPC](vpc-dns.md).
     **Note**  
     Only use domain names that you fully control.

     Some Linux operating systems accept multiple domain names separated by spaces. However, Windows and other Linux operating systems treat the value as a single domain, which results in unexpected behavior. If your DHCP option set is associated with a VPC that has instances running operating systems that treat the value as a single domain, specify only one domain name.
   + **Domain name servers** (optional): Enter the DNS servers that will be used to resolve the IP address of a host from the host's name.

     You can enter either **AmazonProvidedDNS** or custom domain name servers. Using both might cause unexpected behavior. You can enter the IP addresses of up to four IPv4 domain name servers (or up to three IPv4 domain name servers and **AmazonProvidedDNS**) and four IPv6 domain name servers separated by commas. Although you can specify up to eight domain name servers, some operating systems might impose lower limits. For more information about **AmazonProvidedDNS** and the Amazon DNS server, see [Amazon DNS server](AmazonDNS-concepts.md#AmazonDNS).
     **Important**  
     If your VPC has an internet gateway, be sure to specify your own DNS server or an Amazon DNS server (AmazonProvidedDNS) for the **Domain name servers** value. Otherwise, the instances in the VPC won't have access to DNS, which disables internet access.
   + **NTP servers** (optional): Enter the IP addresses of up to eight Network Time Protocol (NTP) servers (four IPv4 addresses and four IPv6 addresses).

      NTP servers provide the time to your network. You can specify the Amazon Time Sync Service at IPv4 address `169.254.169.123` or IPv6 address `fd00:ec2::123`. Instances communicate with the Amazon Time Sync Service by default. Note that the IPv6 address is only accessible on [EC2 instances built on the Nitro System](https://docs.aws.amazon.com/ec2/latest/instancetypes/ec2-nitro-instances.html).

     For more information about the NTP servers option, see [RFC 2132](https://datatracker.ietf.org/doc/html/rfc2132#section-8.3). For more information about the Amazon Time Sync Service, see [Set the time for your instance](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/set-time.html) in the *Amazon EC2 User Guide*.
   + **NetBIOS name servers** (optional): Enter the IP addresses of up to four NetBIOS name servers.

     For EC2 instances running a Windows OS, the NetBIOS computer name is a friendly name assigned to the instance to identify it on the network. The NetBIOS name server maintains a list of mappings between NetBIOS computer names and network addresses for networks that use NetBIOS as their naming service.
   + **NetBIOS node type** (optional): Enter **1**, **2**, **4**, or **8**. We recommend that you specify **2** (point-to-point or P-node). Broadcast and multicast are not currently supported. For more information about these node types, see section 8.7 of [RFC 2132](https://tools.ietf.org/html/rfc2132) and section 10 of [RFC1001](https://tools.ietf.org/html/rfc1001).

     For EC2 instances running a Windows OS, this is the method that the instances use to resolve NetBIOS names to IP addresses. In the default options set, there is no value for NetBIOS node type.
   + **IPv6 Preferred Lease Time** (optional): A value (in seconds, minutes, hours, or years) for how frequently a running instance with an IPv6 assigned to it goes through DHCPv6 lease renewal. Acceptable values are between 140 and 2147483647 seconds (approximately 68 years). If no value is entered, the default lease time is 140 seconds. If you use long-term addressing for EC2 instances, you can increase the lease time and avoid frequent lease renewal requests. Lease renewal typically occurs when half of the lease time has elapsed.

1. Add **Tags**.

1. Choose **Create DHCP options set**. Note the name or ID of the new DHCP option set.

1. To configure a VPC to use the new option set, see [Change the option set associated with a VPC](#ChangingDHCPOptionsofaVPC).

**To create a DHCP option set for your VPC using the command line**
+ [create-dhcp-options](https://docs.aws.amazon.com/cli/latest/reference/ec2/create-dhcp-options.html) (AWS CLI)
+ [New-EC2DhcpOption](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2DhcpOption.html) (AWS Tools for Windows PowerShell)
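
The rules in the console procedure above can be checked before an option set is associated with a VPC. The following is an added example, not part of the AWS documentation or tooling: it audits one record shaped like the output of `describe-dhcp-options` against the limits and recommendations stated in this section. The function names, finding codes, and sample record are assumptions made for illustration.

```python
import ipaddress

def split_by_family(values):
    """Split option values into IPv4 addresses, IPv6 addresses, and everything else."""
    v4, v6, other = [], [], []
    for value in values:
        try:
            (v4 if ipaddress.ip_address(value).version == 4 else v6).append(value)
        except ValueError:
            other.append(value)
    return v4, v6, other

def audit_option_set(option_set, has_internet_gateway=False):
    """Return finding codes for one record shaped like describe-dhcp-options output."""
    cfg = {c["Key"]: [v["Value"] for v in c["Values"]]
           for c in option_set.get("DhcpConfigurations", [])}
    findings = []
    # DNS: AmazonProvidedDNS or custom servers, not both; max four IPv4 (Amazon counts as one) and four IPv6.
    v4, v6, other = split_by_family(cfg.get("domain-name-servers", []))
    amazon = "AmazonProvidedDNS" in other
    if amazon and (v4 or v6):
        findings.append("dns-mixed-amazon-and-custom")
    if len(v4) + amazon > 4 or len(v6) > 4:
        findings.append("dns-too-many")
    if any(o != "AmazonProvidedDNS" for o in other):
        findings.append("dns-not-an-ip")
    if has_internet_gateway and not (v4 or v6 or amazon):
        findings.append("dns-missing-with-igw")
    # Domain name: one name only, because some operating systems treat the whole value as a single domain.
    names = " ".join(cfg.get("domain-name", [])).split()
    if len(names) > 1:
        findings.append("domain-name-multiple")
    # NTP servers: up to four IPv4 and four IPv6 addresses.
    n4, n6, n_other = split_by_family(cfg.get("ntp-servers", []))
    if len(n4) > 4 or len(n6) > 4 or n_other:
        findings.append("ntp-invalid")
    # NetBIOS: up to four name servers; node type 2 is the recommended value.
    if len(cfg.get("netbios-name-servers", [])) > 4:
        findings.append("netbios-too-many-servers")
    node_type = cfg.get("netbios-node-type")
    if node_type and node_type != ["2"]:
        findings.append("netbios-node-type-not-2")
    return findings

# Constructed sample record (the ID and addresses are placeholders, not real resources).
SAMPLE = {"DhcpOptionsId": "dopt-EXAMPLE", "DhcpConfigurations": [
    {"Key": "domain-name-servers", "Values": [{"Value": "AmazonProvidedDNS"}, {"Value": "10.0.0.2"}]},
    {"Key": "domain-name", "Values": [{"Value": "corp.example.com dev.example.com"}]},
    {"Key": "ntp-servers", "Values": [{"Value": "169.254.169.123"}]},
    {"Key": "netbios-node-type", "Values": [{"Value": "1"}]},
]}

print(audit_option_set(SAMPLE, has_internet_gateway=True))
```

Because an option set can't be modified after creation, running a check like this before `create-dhcp-options` avoids having to create and reassociate a corrected set. The IPv6 Preferred Lease Time is not checked here.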

## Change the option set associated with a VPC
<a name="ChangingDHCPOptionsofaVPC"></a>

After you create a DHCP option set, you can associate it with one or more VPCs. You can associate only one DHCP option set with a VPC at a time. If you do not associate a DHCP option set with a VPC, this disables domain name resolution in the VPC.

When you associate a new set of DHCP options with a VPC, any existing instances and all new instances that you launch in that VPC use the new options. You don't need to restart or relaunch your instances. Instances automatically pick up the changes within a few hours, depending on how frequently they renew their DHCP leases. If you prefer, you can explicitly renew the lease using the operating system on the instance. 

**To change the DHCP option set associated with a VPC using the console**

1. Open the Amazon VPC console at [https://console.aws.amazon.com/vpc/](https://console.aws.amazon.com/vpc/).

1. In the navigation pane, choose **Your VPCs**.

1. Select the check box for the VPC, and then choose **Actions**, **Edit VPC settings**.

1. For **DHCP options set**, choose a new DHCP option set. Alternatively, choose **No DHCP option set** to disable domain name resolution for the VPC.

1. Choose **Save**.

**To change the DHCP option set associated with a VPC using the command line**
+ [associate-dhcp-options](https://docs.aws.amazon.com/cli/latest/reference/ec2/associate-dhcp-options.html) (AWS CLI)
+ [Register-EC2DhcpOption](https://docs.aws.amazon.com/powershell/latest/reference/items/Register-EC2DhcpOption.html) (AWS Tools for Windows PowerShell)

## Delete a DHCP option set
<a name="DeletingaDHCPOptionSet"></a>

When you no longer need a DHCP option set, use the following procedure to delete it. You can't delete a DHCP option set if it's in use. For each VPC associated with the DHCP option set to delete, you must associate a different DHCP option set with the VPC or configure the VPC to use no DHCP option set. For more information, see [Change the option set associated with a VPC](#ChangingDHCPOptionsofaVPC).

**To delete a DHCP option set using the console**

1. Open the Amazon VPC console at [https://console.aws.amazon.com/vpc/](https://console.aws.amazon.com/vpc/).

1. In the navigation pane, choose **DHCP option sets**.

1. Select the radio button for the DHCP option set, and then choose **Actions**, **Delete DHCP option set**.

1. When prompted for confirmation, enter **delete**, and then choose **Delete DHCP option set**.

**To delete a DHCP option set using the command line**
+ [delete-dhcp-options](https://docs.aws.amazon.com/cli/latest/reference/ec2/delete-dhcp-options.html) (AWS CLI)
+ [Remove-EC2DhcpOption](https://docs.aws.amazon.com/powershell/latest/reference/items/Remove-EC2DhcpOption.html) (AWS Tools for Windows PowerShell)