What considerations would you have when deciding on installing the DHCP services onto a machine currently serving in the gateway role?
What issues/concerns/considerations would you have in this scenario? Cost isn't the concern, but rather security and maintainability. Anything else?
Running a DHCP service on your gateway is not insecure, in itself. But it's also not the most secure option, either. Any network service can potentially lead to a compromise, if the service has a security vulnerability, or isn't properly configured.
The added risk would be pretty small if you take some basic security precautions:
These are just the standard security practices that apply to any service, on any host. It's still possible that an internal attacker could exploit a zero-day vulnerability in your DHCP service, but that's the best guarantee you can get with any service.
But there's no universal answer to this question. Each person needs to weigh the risks versus the costs for himself and his organization.
Just make sure to have the DHCP server assigned to the correct interface, and that UDP ports 67 and 68 aren't open to the outside (unless you have some sort of relay configuration set up). Should be fine.
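A way to check the point above about UDP 67 and 68 not being reachable from outside, as an added example that is not part of any answer on this page: a simplified first-match evaluator over `iptables-save -t filter` output. The interface names (eth0 as WAN, eth1 as LAN), the sample ruleset and the function names are constructed for illustration.

```python
import shlex

# Constructed iptables-save excerpt for a gateway: eth0 = WAN, eth1 = LAN (assumed names).
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --dport 67:68 -j ACCEPT
-A INPUT -p udp -m multiport --dports 53,67 -j ACCEPT
COMMIT
"""

KNOWN = {"-i", "-p", "-m", "--dport", "--dports", "--ctstate", "-j", "--reject-with"}

def _port_in(spec, port):
    """True if port falls in a spec such as '53,67' or '67:68'."""
    ranges = (p.partition(":") for p in spec.split(","))
    return any(int(lo) <= port <= int(hi or lo) for lo, _, hi in ranges)

def verdict(ruleset, iface, port, chain="INPUT"):
    """First-match verdict (ACCEPT/DROP/REJECT/REVIEW) for a NEW inbound UDP packet."""
    policy = "ACCEPT"  # built-in chains default to ACCEPT unless the dump says otherwise
    for line in ruleset.splitlines():
        if line.startswith(f":{chain} "):
            policy = line.split()[1]
        if not line.startswith(f"-A {chain} "):
            continue
        tok = shlex.split(line)[2:]
        if "!" in tok or len(tok) % 2:
            return "REVIEW"  # negation or flag-only options: check by hand
        m = dict(zip(tok[::2], tok[1::2]))
        if m.get("-i", iface) != iface or m.get("-p", "udp") not in ("udp", "all"):
            continue
        ports = m.get("--dport") or m.get("--dports")
        if ports and not _port_in(ports, port):
            continue
        if "--ctstate" in m and "NEW" not in m["--ctstate"].split(","):
            continue
        if set(m) - KNOWN:
            return "REVIEW"  # rule matches so far but uses an option this sketch ignores
        if m.get("-j") in ("ACCEPT", "DROP", "REJECT"):
            return m["-j"]
        return "REVIEW"  # LOG or a jump to a user-defined chain
    return policy

def dhcp_exposure(ruleset, wan_iface):
    return {port: verdict(ruleset, wan_iface, port) for port in (67, 68)}
```

In the sample, the last rule has no `-i` match, so it accepts port 67 on the WAN interface even though the DHCP rule above it is correctly scoped to eth1.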
No matter what angle you look at it - you're making yourself more insecure, not necessarily insecure enough to justify not implementing DHCP through your gateway, but you're leading yourself into some issues. Here are some questions you can answer for yourself to see if you justify the worth:
If you're concerned with security, it's worth keeping in mind the serious implications of a compromise of your DHCP server by external attackers, but also the implications of internal attacks compromising your data integrity.
I think Ryan gave some of the most sound advice in any case - be vigilant, keep yourself updated on attacker methodologies, and review logs when time permits.