I think this is one of the best explanations of DHCP D.O.R.A. I’ve ever heard. Thanks to “tech-airman”.
When the PC is turned on, the NIC has a MAC address but no IP address. So the PC tries to “Discover” the DHCP server by sending out a “Discover” packet. In that packet, the destination IP address is 255.255.255.255 and the source IP address is 0.0.0.0 (because the PC doesn’t have an IP address yet). That Discover packet is encapsulated into a Data Link layer Ethernet Frame. That Ethernet Frame has a destination address of FF:FF:FF:FF:FF:FF and the source address of whatever the MAC address of the PC’s NIC is, let’s call it PC:MA:CA:DD:RR:SS (I know this is not a valid MAC address). Now, since the destination address is FF:FF:FF:FF:FF:FF, the first switch that receives the frame will, by definition, send that frame out of every single switch port, except the switch port that received the frame. Since the switch doesn’t know (from its CAM table) who FF:FF:FF:FF:FF:FF is, it forwards the Discover packet out of every single switch port, except the switch port that received the frame.
Let’s say the DHCP server is directly connected to the switch. So the DHCP server first receives the Ethernet frame with the destination address of FF:FF:FF:FF:FF:FF (which, by definition, means itself), and a source address of PC:MA:CA:DD:RR:SS. So when the DHCP server receives that Discover packet, it replies to it by sending the Offer packet. Since the DHCP server has no idea who was contacting them (since the PC currently has an IP address of 0.0.0.0), the Offer packet has the destination address of 255.255.255.255. But the DHCP server remembered the MAC address of whoever was trying to contact them, so the DHCP server sends out the Offer packet in a frame with a destination address of PC:MA:CA:DD:RR:SS and uses its own source address of DH:CP:SE:RV:ER:MC (again, I know this is not a valid MAC address). So the Offer packet is sent from the DHCP server to the PC as a unicast, not a broadcast.
So the switch receives the frame from the DHCP server and forwards it to the PC which receives the Offer packet. Then the rest of the DHCP process of R and A occurs.
So that’s why the “…the first two messages in the DHCP are broadcast messages…” refers to Network Layer IP broadcast messages (destination IP address of 255.255.255.255). Then “…only the first message (the Discover message) is a LAN Broadcast…” because only the Discover packet’s frame had the Ethernet destination address of FF:FF:FF:FF:FF:FF (therefore a LAN broadcast) and the Offer packet’s frame had the Ethernet destination address of PC:MA:CA:DD:RR:SS (therefore a LAN unicast).
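The Discover and Offer frames described above, rebuilt byte by byte and classified at layer 2 and layer 3 in Python, as an added example that is not part of the original post. The MAC addresses (02:00:00:00:00:01 and :02), the server address 192.0.2.1, the transaction ID and the function names are constructed for illustration.

```python
import struct

BCAST_MAC = b"\xff" * 6
MSG_TYPES = {1: "Discover", 2: "Offer", 3: "Request", 5: "Ack"}

def build_frame(dst_mac, src_mac, src_ip, dst_ip, sport, dport, msg_type, client_mac):
    """Build a constructed Ethernet/IPv4/UDP/DHCP frame (checksums left at zero)."""
    op = 1 if msg_type in (1, 3) else 2          # BOOTREQUEST or BOOTREPLY
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, 0x1234ABCD, 0, 0,
                        b"", b"", b"", b"", client_mac, b"", b"")
    dhcp = bootp + b"\x63\x82\x53\x63" + bytes([53, 1, msg_type, 255])
    udp = struct.pack("!HHHH", sport, dport, 8 + len(dhcp), 0) + dhcp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(src_ip), bytes(dst_ip))
    return dst_mac + src_mac + b"\x08\x00" + ip + udp

def classify(frame):
    """Return (DHCP message, layer-2 delivery, layer-3 delivery) for one frame."""
    if len(frame) < 14 + 20 + 8 + 240:
        raise ValueError("frame too short for DHCP")
    if frame[12:14] != b"\x08\x00" or frame[14 + 9] != 17:
        raise ValueError("not IPv4/UDP")
    dst_mac, dst_ip = frame[:6], frame[14 + 16:14 + 20]
    ihl = (frame[14] & 0x0F) * 4                 # IPv4 header length in bytes
    dhcp = frame[14 + ihl + 8:]                  # skip Ethernet, IP and UDP headers
    if dhcp[236:240] != b"\x63\x82\x53\x63":
        raise ValueError("no DHCP magic cookie")
    opts, i, msg = dhcp[240:], 0, None
    while i < len(opts) and opts[i] != 255:      # 255 = end option
        if opts[i] == 0:                         # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(opts):                   # truncated option, stop parsing
            break
        code, length = opts[i], opts[i + 1]
        if code == 53 and length >= 1 and i + 2 < len(opts):
            msg = MSG_TYPES.get(opts[i + 2], "Unknown")
        i += 2 + length
    l2 = "broadcast" if dst_mac == BCAST_MAC else "unicast"
    l3 = "broadcast" if dst_ip == b"\xff" * 4 else "unicast"
    return msg, l2, l3

# Constructed sample frames matching the exchange as the post describes it.
PC, SRV = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
DISCOVER = build_frame(BCAST_MAC, PC, (0, 0, 0, 0), (255,) * 4, 68, 67, 1, PC)
OFFER = build_frame(PC, SRV, (192, 0, 2, 1), (255,) * 4, 67, 68, 2, PC)

if __name__ == "__main__":
    for name, frame in (("Discover", DISCOVER), ("Offer", OFFER)):
        print(name, classify(frame))
```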