diff --git a/lib/licenses.nix b/lib/licenses.nix index 29144264ddd2..c01ed0d7fbec 100644 --- a/lib/licenses.nix +++ b/lib/licenses.nix @@ -121,6 +121,12 @@ rec { url = https://fedoraproject.org/wiki/Licensing/GPL_Classpath_Exception; }; + isc = { + shortName = "ISC License"; + fullName = "Internet Systems Consortium License"; + url = http://www.isc.org/downloads/software-support-policy/isc-license/; + }; + inria = { shortName = "INRIA-NCLA"; fullName = "INRIA Non-Commercial License Agreement"; diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index 8a459ce5e889..fa81ff8a8398 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -140,6 +140,7 @@ mopidy = 130; unifi = 131; gdm = 132; + dhcpd = 133; # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! diff --git a/nixos/modules/services/networking/dhcpd.nix b/nixos/modules/services/networking/dhcpd.nix index e5e1c103c686..900df67b53aa 100644 --- a/nixos/modules/services/networking/dhcpd.nix +++ b/nixos/modules/services/networking/dhcpd.nix @@ -13,7 +13,7 @@ let default-lease-time 600; max-lease-time 7200; authoritative; - ddns-update-style ad-hoc; + ddns-update-style interim; log-facility local1; # see dhcpd.nix ${cfg.extraConfig} 
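Review bot: In nixos/modules/services/networking/dhcpd.nix the generated dhcpd.conf now sets `ddns-update-style interim;` unconditionally, so every deployment gets a dynamic-DNS update style whether or not DNS updates are configured. If nothing relies on it, `ddns-update-style none;` would be the conservative default, and a site that wants DDNS can set the style together with its zone and key declarations through `cfg.extraConfig`. Whether a later statement in `extraConfig` overrides this line is not visible here and should be checked. The configuration template starts and ends outside the hunk.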
@@ -108,22 +108,41 @@ in config = mkIf config.services.dhcpd.enable { - jobs.dhcpd = + users = { + extraUsers.dhcpd = { + uid = config.ids.uids.dhcpd; + description = "DHCP daemon user"; + }; + }; + + systemd.services.dhcpd = { description = "DHCP server"; - startOn = "started network-interfaces"; - stopOn = "stopping network-interfaces"; + wantedBy = [ "multi-user.target" ]; - script = + after = [ "network.target" ]; + + path = [ pkgs.dhcp ]; + + preStart = '' mkdir -m 755 -p ${stateDir} touch ${stateDir}/dhcpd.leases - exec ${pkgs.dhcp}/sbin/dhcpd -f -cf ${configFile} \ - -lf ${stateDir}/dhcpd.leases \ - ${toString cfg.interfaces} + mkdir -m 755 -p /run/dhcpd + chown dhcpd /run/dhcpd ''; + + serviceConfig = + { ExecStart = "@${pkgs.dhcp}/sbin/dhcpd dhcpd" + + " -pf /run/dhcpd/dhcpd.pid -cf ${configFile}" + + " -lf ${stateDir}/dhcpd.leases -user dhcpd -group nogroup" + + " ${toString cfg.interfaces}"; + Restart = "always"; + Type = "forking"; + PIDFile = "/run/dhcpd/dhcpd.pid"; + }; }; }; diff --git a/pkgs/tools/networking/dhcp/default.nix b/pkgs/tools/networking/dhcp/default.nix index 2dac54577b8b..07925ca110df 100644 --- a/pkgs/tools/networking/dhcp/default.nix +++ b/pkgs/tools/networking/dhcp/default.nix @@ -1,11 +1,12 @@ -{ stdenv, fetchurl, nettools, iputils, iproute, makeWrapper, coreutils, gnused }: +{ stdenv, fetchurl, perl, file, nettools, iputils, iproute, makeWrapper, coreutils, gnused }: stdenv.mkDerivation rec { - name = "dhcp-4.1-ESV-R6"; + name = "dhcp-${version}"; + version = "4.3.0"; src = fetchurl { - url = http://ftp.isc.org/isc/dhcp/4.1-ESV-R6/dhcp-4.1-ESV-R6.tar.gz; - sha256 = "17md1vml07szl9dx4875gfg4sgnb3z73glpbq1si7p82mfhnddny"; + url = "http://ftp.isc.org/isc/dhcp/${version}/${name}.tar.gz"; + sha256 = "12mydvj6x3zcl3gla06bywfkkrgg03g66fijs94mwb7kbiym3dm7"; }; patches = 
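Review bot: In the `preStart` of `systemd.services.dhcpd` (nixos/modules/services/networking/dhcpd.nix), `${stateDir}` and `dhcpd.leases` are created by root and never handed to the new account; only `/run/dhcpd` is chowned. Once dhcpd has switched to `-user dhcpd` it presumably still has to rewrite the lease file inside that directory, which would fail without write access. Adding `chown dhcpd ${stateDir} ${stateDir}/dhcpd.leases` after the `touch` would fix this, and would also cover lease files left owned by root from earlier deployments. Separately, `-group nogroup` puts the daemon in a group shared with any other service that uses it, so a dedicated `dhcpd` group (with a gid reserved next to the new uid in ids.nix) would isolate it better.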
@@ -23,13 +24,15 @@ stdenv.mkDerivation rec { # Fixes "socket.c:591: error: invalid application of 'sizeof' to # incomplete type 'struct in6_pktinfo'". See # http://www.mail-archive.com/blfs-book@linuxfromscratch.org/msg13013.html - NIX_CFLAGS_COMPILE = "-D_GNU_SOURCE"; + # + # Also adds the ability to run dhcpd as a non-root user / group + NIX_CFLAGS_COMPILE = "-D_GNU_SOURCE -DPARANOIA"; # It would automatically add -Werror, which disables build in gcc 4.4 # due to an uninitialized variable. CFLAGS = "-g -O2 -Wall"; - buildInputs = [ makeWrapper ]; + buildInputs = [ perl makeWrapper ]; postInstall = '' @@ -42,11 +45,12 @@ stdenv.mkDerivation rec { preConfigure = '' + substituteInPlace configure --replace "/usr/bin/file" "${file}/bin/file" sed -i "includes/dhcpd.h" \ -"es|^ *#define \+_PATH_DHCLIENT_SCRIPT.*$|#define _PATH_DHCLIENT_SCRIPT \"$out/sbin/dhclient-script\"|g" ''; - meta = { + meta = with stdenv.lib; { description = "Dynamic Host Configuration Protocol (DHCP) tools"; longDescription = '' @@ -57,6 +61,8 @@ stdenv.mkDerivation rec { ''; homepage = http://www.isc.org/products/DHCP/; - license = "http://www.isc.org/sw/dhcp/dhcp-copyright.php"; + license = licenses.isc; + platforms = platforms.unix; + maintainers = with maintainers; [ wkennington ]; }; }
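Review bot: The comment added above `NIX_CFLAGS_COMPILE` in pkgs/tools/networking/dhcp/default.nix does not say which flag it refers to, and it reads as a continuation of the `in6_pktinfo` explanation. Name the flag and its consumer, e.g. `# -DPARANOIA enables dhcpd's -user/-group/-chroot options; the NixOS dhcpd module passes -user and -group and needs it.` The same hunk adds `perl` to `buildInputs` without a comment; a short note on what in the 4.3.0 build needs it would help the next maintainer.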