diff --git a/roles/services/handlers/main.yml b/roles/services/handlers/main.yml
index 2727cca..fa05b49 100644
--- a/roles/services/handlers/main.yml
+++ b/roles/services/handlers/main.yml
@@ -5,3 +5,7 @@
 - name: reload-systemd
 command:
 cmd: systemctl daemon-reload
+- name: restart-dhcp
+ systemd:
+ name: isc-dhcp-server
+ state: restarted
diff --git a/roles/services/tasks/dhcp.yml b/roles/services/tasks/dhcp.yml
new file mode 100644
index 0000000..a230c8a
--- /dev/null
+++ b/roles/services/tasks/dhcp.yml
@@ -0,0 +1,56 @@
+- name: Install DHCP packages
+ apt:
+ name: isc-dhcp-server
+ state: present
+ install_recommends: no
+- name: Set DHCP configurations from templates
+ template:
+ src: "{{ item }}"
+ dest: "/etc/dhcp/{{ item }}"
+ owner: root
+ group: root
+ mode: "u=rw,g=r,o=r"
+ loop:
+ - dhcpd.conf
+ - partner.conf
+ notify: restart-dhcp
+- name: Set rndc.key from template
+ template:
+ src: rndc.key
+ dest: /etc/dhcp/rndc.key
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=
+ notify: restart-dhcp
+- name: Ensure that the directories exist
+ file:
+ path: "/etc/dhcp/subnets"
+ state: directory
+ owner: root
+ group: root
+ mode: "0755"
+- name: Map subnets
+ copy:
+ content: "{{ item.value }}"
+ dest: "/etc/dhcp/subnets/{{ item.key }}"
+ owner: root
+ group: root
+ mode: "0644"
+ loop: "{{ subnets_files | dict2items }}"
+- name: Get default IPv4 interface
+ command: ip -o -4 route show default
+ register: default_route
+- name: Extract interface default name
+ set_fact:
+ active_interface: "{{ default_route.stdout.split()[-1] }}"
+- name: Disable IPv6
+ replace:
+ path: /etc/default/isc-dhcp-server
+ regexp: '^INTERFACESv6="(.*)"'
+ replace: '#INTERFACESv6="\1"'
+- name: Set interface IPv4
+ lineinfile:
+ path: /etc/default/isc-dhcp-server
+ regexp: '^INTERFACESv4='
+ line: 'INTERFACESv4="{{ active_interface }}"'
+ state: present
\ No newline at end of file
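Review bot: The `Extract interface default name` task takes the last whitespace-separated token of `ip -o -4 route show default`, which is the interface only when nothing follows `dev <if>` in the route line; with `proto`/`src`/`metric` fields present it yields the metric instead, and an empty route list makes `[-1]` fail the play. Assuming facts are gathered, the two tasks can collapse into `active_interface: "{{ ansible_default_ipv4.interface }}"` (or keep the command with `changed_when: false` and parse the token after `dev`). `Set rndc.key from template` renders a TSIG secret, so add `no_log: true` (and `diff: false`) to keep the key out of play output and `--diff` runs. The `Disable IPv6` and `Set interface IPv4` edits to /etc/default/isc-dhcp-server carry no `notify: restart-dhcp`, so a changed interface list is not applied until something else restarts the service. `install_recommends: no` relies on YAML 1.1 truthiness; write `install_recommends: false`.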
diff --git a/roles/services/tasks/main.yml b/roles/services/tasks/main.yml
index c86c5c8..f39cc77 100644
--- a/roles/services/tasks/main.yml
+++ b/roles/services/tasks/main.yml
@@ -2,3 +2,5 @@
 tags: timeserver
 - import_tasks: adsamba.yml
 tags: adsamba
+- import_tasks: dhcp.yml
+ tags: dhcp
diff --git a/roles/services/templates/dhcpd.conf b/roles/services/templates/dhcpd.conf
new file mode 100644
index 0000000..47f5af2
--- /dev/null
+++ b/roles/services/templates/dhcpd.conf
@@ -0,0 +1,58 @@
+include "/etc/dhcp/rndc.key";
+
+omapi-port 7911;
+omapi-key rndc-key;
+
+#++++++++++++++++++++++++++++++++++++++++++++++ Global
+
+authoritative;
+log-facility local7;
+update-static-leases on;
+use-host-decl-names on;
+default-lease-time 86400;
+max-lease-time 86400;
+
+option domain-name "{{ domain_name.name }}";
+option domain-name-servers {{ domain_name.servers }};
+option ntp-servers {{ ntp_servers }};
+
+# DHCP daemon uses default time zone UTC
+db-time-format local;
+
+# Allow each client to have exactly one lease, and expire
+# old leases if a new DHCPDISCOVER occurs
+one-lease-per-client true;
+
+# This checking cause just 1s time delay in responding DHCPDISCOVER messages
+# but it may help to abandone old leases from db
+ping-check true;
+
+#++++++++++++++++++++++++++++++++++++++++++++++ DNS
+
+ddns-update-style interim;
+ddns-updates on;
+
+deny client-updates;
+deny duplicates;
+deny declines;
+
+zone 10.in-addr.arpa. {
+ primary {{ domain_name.server_primary }};
+ key rndc-key;
+}
+zone 16.172.in-addr.arpa. {
+ primary {{ domain_name.server_primary }};
+ key rndc-key;
+}
+zone 168.192.in-addr.arpa. {
+ primary {{ domain_name.server_primary }};
+ key rndc-key;
+}
+
+on commit {
+ log (concat("Host registered: ", config-option host-name));
+}
+
+#++++++++++++++++++++++++++++++++++++++++++++++ Subnets
+
+{{ subnets }}
diff --git a/roles/services/templates/partner.conf b/roles/services/templates/partner.conf
new file mode 100644
index 0000000..ab3b952
--- /dev/null
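Review bot: `omapi-port 7911;` together with `omapi-key rndc-key;` opens the OMAPI control channel on TCP 7911, through which any peer holding that key can read and alter leases and host entries, and nothing in this diff restricts who can reach the port. If OMAPI is needed, note next to it which host(s) use it and pair it with a firewall rule in the role; if not, drop both lines. The same key is also the TSIG key for the three reverse zones, so one secret now guards both DNS updates and daemon control — a dedicated OMAPI key would separate the two. `ddns-update-style interim;` is the deprecated mode in recent ISC DHCP releases, where `ddns-update-style standard;` is the supported replacement; if `interim` is kept for compatibility with the DNS server, say so in a comment. The comment above `ping-check true;` has typos (`This checking cause`, `abandone`) — e.g. `# This check adds about 1s of delay before answering DHCPDISCOVER, but helps reclaim abandoned leases from the db`.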
+++ b/roles/services/templates/partner.conf
@@ -0,0 +1 @@
+{{ partner }}
\ No newline at end of file
diff --git a/roles/services/templates/rndc.key b/roles/services/templates/rndc.key
new file mode 100644
index 0000000..5ed1d24
--- /dev/null
+++ b/roles/services/templates/rndc.key
@@ -0,0 +1,4 @@
+key "rndc-key" {
+ algorithm hmac-md5;
+ secret "{{ lookup(passbolt, 'rndc-key', folder_parent_id=passbolt_folder).password }}";
+};
\ No newline at end of file
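Review bot: `algorithm hmac-md5;` selects the weakest TSIG algorithm still accepted; recent ISC DHCP and BIND releases both support `hmac-sha256`, so prefer `algorithm hmac-sha256;` unless the matching key statement on the DNS server cannot be changed — algorithm and secret must agree on both sides. `lookup(passbolt, …)` passes an unquoted `passbolt`, which Jinja evaluates as a variable rather than the plugin name; unless a variable `passbolt` holding the plugin name is defined elsewhere in the project, this should read `lookup('passbolt', 'rndc-key', folder_parent_id=passbolt_folder).password`. Because this template renders the secret, the task that writes it should run with `no_log: true`. The file also ends without a newline after `};`, which dhcpd tolerates but linters flag.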