diff --git a/dhcp.yml b/dhcp.yml
index 4c2ef3e..4f463c9 100644
--- a/dhcp.yml
+++ b/dhcp.yml
@@ -4,5 +4,8 @@
   vars:
     service_repo: https://gitlab.federez.net/re2o/dhcp.git
     service_name: dhcp
+    dhcp:
+      authoritative: true
   roles:
     - re2o-service
+    - isc-dhcp-server
diff --git a/roles/isc-dhcp-server/tasks/main.yml b/roles/isc-dhcp-server/tasks/main.yml
new file mode 100644
index 0000000..0004081
--- /dev/null
+++ b/roles/isc-dhcp-server/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+- name: Install isc-dhcp-server
+  apt:
+    update_cache: true
+    name: isc-dhcp-server
+    state: present
+  register: apt_result
+  retries: 3
+  until: apt_result is succeeded
+
+- name: Configure isc-dhcp-server
+  template:
+    src: dhcp/dhcpd.conf.j2
+    dest: /etc/dhcp/dhcpd.conf
+    mode: 0600
+
+- name: Ensure that isc-dhcp-server is started
+  systemd:
+    name: isc-dhcp-server
+    state: started
+    enabled: true
diff --git a/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2 b/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2
new file mode 100644
index 0000000..3b0da57
--- /dev/null
+++ b/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2
@@ -0,0 +1,33 @@
+# dhcpd.conf
+# {{ ansible_managed }}
+
+# option definitions common to all supported networks...
+#option domain-name "example.org";
+#option domain-name-servers ns1.example.org, ns2.example.org;
+
+# We have tagged network so use last 4 bytes for tag (1500 max)
+option interface-mtu 1496;
+
+default-lease-time 600;
+max-lease-time 7200;
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+{% if dhcp.authoritative %}
+authoritative;
+{% else %}
+#authoritative;
+{% endif %}
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+#log-facility local7;
+
+# Aurore topology
+# TODO