Shark Attack
 asked on

dhcp snooping

Hello,

I am playing around with DHCP Snooping on a switch before I deploy the config out. I have a very simple lab. Router that provides DHCP to a switch with a host on it. I enabled DHCP snooping on my vlan and on the switch

IT_SWITCH#sh run | i snooping
ip dhcp snooping vlan 1
ip dhcp snooping

No trusted ports have been configured on any port, even the trunk to the router, so technically I shouldn't get a DHCP IP address on my host? Correct? If so, I am. Am I doing something wrong? No trusted port was configured so I should not get DHCP.

Last Comment
Predrag Jovic

8/22/2022 - Mon
Hemil Aquino

Exactly, if you don't have any trusted port, any DHCP broadcast will be dropped. You'd need to give a specific port the right to become a trusted port to send DHCP traffic to the network, followed by the trunk.
Shark Attack

ASKER
right, and I am saying that it's not working. I am still getting dhcp address  and I haven't configured any trusted port on the switch
Hemil Aquino

Did you enable ip dhcp snooping globally? A lot of people forget about this command; without it you will be seeing the DHCP broadcast.

here is what you need in your switch

- Ip dhcp snooping
- Ip dhcp snooping vlan (whatever number you want to apply it)

configure the interface:

with the trusted
Ip dhcp snooping trust.

hope it helps.
Predrag Jovic

If you are using a router that is directly connected to the SVI as DHCP server, DHCP snooping will work. IP DHCP snooping trust is needed only in the direction of the DHCP server. IP DHCP snooping only drops DHCPoffer and DHCPack from untrusted ports. Also, here ip dhcp snooping is applied only to VLAN 1; if the DHCP client is currently in any other VLAN, IP DHCP snooping will not work. To apply DHCP snooping to VLANs 1-4094:
ip dhcp snooping vlan 1-4094
Shark Attack

ASKER
So you're saying that if the router is a DHCP device connected to an SVI on a switch, then I don't need snooping trust configured. Correct?
Shark Attack

ASKER
Take a look at the image and my config below. As you see, I am using vlan 100 only. I have dhcp snooping enabled globally and for vlan 100, nothing else is configured. I have no dhcp snooping trust on g0/14, which goes to that router configured with dhcp. I tested this and it works, I am getting dhcp to the host.
map.png
TEST_SW#sh run | i snooping
ip dhcp snooping vlan 100
ip dhcp snooping
TEST_SW#
TEST_SW#
TEST_SW#sh run int g0/14
Building configuration...

Current configuration : 155 bytes
!
interface GigabitEthernet0/14
 description TO ROUTER
 switchport trunk native vlan 100
 switchport mode trunk
 switchport nonegotiate
 no keepalive

TEST_SW#sh run int vl 1
Building configuration...

Current configuration : 48 bytes
!
interface Vlan1
 no ip address
 shutdown
end
end

Hemil Aquino

Based on your image above.

R1 will be sending dhcp broadcast to your untrusted vlan 100 in your switch. -- At this point traffic should be rejected because you don't have any trusted port enabled.

Verify that you don't have your switch configured as DHCP, or maybe something else that might be causing the issue of receiving IP addresses.
Shark Attack

ASKER
I've re-created the scenario in packet-tracer and it's the same thing. I have no DHCP trusts configured anywhere and I am still getting dhcp addresses. In packet tracer, I configured a standalone DHCP server separate from the cisco devices, on a different vlan separate from the host vlan, and I am still getting an IP. This is really bugging me.
Hemil Aquino

Alright dude, don't get worked up, that's why we are here to help you. I will be sending you a packet tracer so you can check my configuration. But I don't recommend people use packet tracer with this kind of scenario. Use GNS3 instead.

I think you need to add both commands to the ip snooping. (Vlan 1, 100) in your case.
I see you are trunking. Here is my packet tracer file. As you will see I am not getting any ip address to that machine.
The only command I've used on the switch was
ip dhcp snooping
ip dhcp snooping vlan 1,100
Snooping.txt
Shark Attack

ASKER
well that's interesting. it's clearly working for you
I can see you have the below

no ip dhcp snooping information option
and you have vlan 1 added too
ip dhcp snooping vlan 1,100

I don't see how that makes a difference since my vlan 1 is shutdown.

Also, I see you're working with a LAYER 2 switch. Would you be able to replicate this on layer 3?
Shark Attack

ASKER
I am using real equipment and still having the same issue. I know I'm not doing anything wrong. I'm using a 3560 with no config on it except vlan and dhcp snooping. Getting a dhcp IP to hosts without the trust port.
Predrag Jovic

Can you, please, paste full device configurations and make sure that PC does not have static IP address configured on interface?
Shark Attack

ASKER
here you go. No static on my PC at all

TEST_TEST#sh run
Building configuration...

Current configuration : 1460 bytes
!
! Last configuration change at 14:42:27 UTC Thu Nov 2 2017
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname TEST_TEST
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
system mtu routing 1500
!
!
!
!
!
!
ip dhcp snooping vlan 1-4094 smartlog
no ip dhcp snooping information option
ip dhcp snooping
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/6
 description HOST
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast edge
!
interface GigabitEthernet0/10
 description UPLINK
 switchport trunk allowed vlan 100
 switchport trunk native vlan 100
 switchport mode trunk
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan100
 ip address 10.90.9.253 255.255.255.0
 no ip route-cache
!
ip forward-protocol nd
ip http server
ip http secure-server
!
!
!
!
!
line con 0
line vty 5 15
!
!
end


TEST_TEST#sh ip dhcp snooping
Switch DHCP snooping is enabled
Switch DHCP gleaning is disabled
DHCP snooping is configured on following VLANs:
1-4094
DHCP snooping is operational on following VLANs:
1,100
Smartlog is configured on following VLANs:
1-4094
Smartlog is operational on following VLANs:
1,100
DHCP snooping is configured on the following L3 Interfaces:

Insertion of option 82 is disabled
   circuit-id default format: vlan-mod-port
   remote-id: ec1d.8bac.2d00 (MAC)
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Verification of giaddr field is enabled
DHCP snooping trust/rate is configured on the following Interfaces:

Interface                  Trusted    Allow option    Rate limit (pps)
-----------------------    -------    ------------    ----------------


TEST_TEST#sh ip dhcp snooping statistics
 Packets Forwarded                                     = 27
 Packets Dropped                                       = 0
 Packets Dropped From untrusted ports                  = 0

Shark Attack

ASKER
by the way, used to no option 82 and with 82 and no difference, still getting dhcp to host
Shark Attack

ASKER
here is a debug of dhcp snooping i took

TEST_TEST#
Nov  2 15:36:41.468: %SYS-5-CONFIG_I: Configured from console by console
Nov  2 15:36:42.863: %LINK-3-UPDOWN: Interface GigabitEthernet0/6, changed state to down
Nov  2 15:36:45.400: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi0/6 for pak.  Was Vl100
Nov  2 15:36:45.400: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Vl100 for pak.  Was Gi0/6
Nov  2 15:36:45.404: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi0/6 for pak.  Was Vl100
Nov  2 15:36:45.404: DHCP_SNOOPING: received new DHCP packet from input interface (GigabitEthernet0/6)
Nov  2 15:36:45.404: DHCP_SNOOPING: process new DHCP packet, message type: DHCPREQUEST, input interface: Gi0/6,
TEST_TEST# MAC da: ffff.ffff.ffff, MAC sa: 507b.9d72.dfc4, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 507b.9d72.dfc4
Nov  2 15:36:45.404: DHCP_SNOOPING: message type : DHCPREQUEST DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 507b.9d72.dfc4
Nov  2 15:36:45.404: DHCP_SNOOPING: add relay information option.
Nov  2 15:36:45.404: DHCP_SNOOPING_SW: encoding opt82 cid in vlan-mod-port format
Nov  2 15:36:45.404: DHCP_SNOOPING_SW: Encoding opt82 RID in MAC address format
Nov  2 15:36:45.404: DHCP_SNOOPING: binary dump of relay info option, length: 20 data:

Nov  2 15:36:45.404: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (100)
Nov  2 15:36:45.404: DHCP_SNOOPING_SW: bridge packet send packet to cpu port: Vlan100.
Nov  2 15:36:45.425: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi0/6 for pak.  Was Vl100
Nov  2 15:36:45.425: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Vl100 for pak.  Was Gi0/6
Nov  2 15:36:45.425: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi0/6 for pak.  Was Vl100
Nov  2 15:36:45.425: DHCP_SNOOPING: received new DHCP packet from input interface (GigabitEthernet0/6)
Nov  2 15:36:45.425: DHCP_SNOOPING: process new DHCP packet, message type: DHCPREQUEST, input interface: Gi0/6, MAC da: ffff.ffff.ffff, MAC sa: 507b.9d72.dfc4, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 507b.9d72.dfc4
Nov  2 15:36:45.425: DHCP_SNOOPING: message type : DHCPREQUEST DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 507b.9d72.dfc4
Nov  2 15:36:45.425: DHCP_SNOOPING: add relay information option.
Nov  2 15:36:45.425: DHCP_SNOOPING_SW: encoding opt82 cid in vlan-mod-port format
Nov  2 15:36:45.425: DHCP_SNOOPING_SW: Encoding opt82 RID in MAC address format
Nov  2 15:36:45.425: DHCP_SNOOPING: binary dump of relay info option, length: 20 data:

Nov  2 15:36:45.428: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (100)
Nov  2 15:36:45.428: DHCP_SNOOPING_SW: bridge packet send packet to cpu port: Vlan100.
Nov  2 15:36:47.337: %LINK-3-UPDOWN: Interface GigabitEthernet0/6, changed state to up
Nov  2 15:36:48.340: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/6, changed state to up
Nov  2 15:36:48.497: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi0/6 for pak.  Was Vl100
Nov  2 15:36:48.497: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Vl100 for pak.  Was Gi0/6
Nov  2 15:36:48.497: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi0/6 for pak.  Was Vl100
Nov  2 15:36:48.497: DHCP_SNOOPING: received new DHCP packet from input interface (GigabitEthernet0/6)
Nov  2 15:36:48.497: DHCP_SNOOPING: process new DHCP packet, message type: DHCPREQUEST, input interface: Gi0/6, MAC da: ffff.ffff.ffff, MAC sa: 507b.9d72.dfc4, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 507b.9d72.dfc4
Nov  2 15:36:48.497: DHCP_SNOOPING: message type : DHCPREQUEST DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 507b.9d72.dfc4
Nov  2 15:36:48.497: DHCP_SNOOPING: add relay information option.
Nov  2 15:36:48.497: DHCP_SNOOPING_SW: encoding opt82 cid in vlan-mod-port format
Nov  2 15:36:48.497: DHCP_SNOOPING_SW: Encoding opt82 RID in MAC address format
Nov  2 15:36:48.497: DHCP_SNOOPING: binary dump of relay info option, length: 20 data:

Nov  2 15:36:48.497: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (100)
Nov  2 15:36:48.501: DHCP_SNOOPING_SW: bridge packet send packet to cpu port: Vlan100.
Nov  2 15:36:54.663: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi0/6 for pak.  Was Vl100
Nov  2 15:36:54.666: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Vl100 for pak.  Was Gi0/6
Nov  2 15:36:54.666: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi0/6 for pak.  Was Vl100
Nov  2 15:36:54.666: DHCP_SNOOPING: received new DHCP packet from input interface (GigabitEthernet0/6)
Nov  2 15:36:54.666: DHCP_SNOOPING: process new DHCP packet, message type: DHCPREQUEST, input interface: Gi0/6, MAC da: ffff.ffff.ffff, MAC sa: 507b.9d72.dfc4, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 507b.9d72.dfc4
Nov  2 15:36:54.666: DHCP_SNOOPING: message type : DHCPREQUEST DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 507b.9d72.dfc4
Nov  2 15:36:54.666: DHCP_SNOOPING: add relay information option.
Nov  2 15:36:54.666: DHCP_SNOOPING_SW: encoding opt82 cid in vlan-mod-port format
Nov  2 15:36:54.666: DHCP_SNOOPING_SW: Encoding opt82 RID in MAC address format
Nov  2 15:36:54.666: DHCP_SNOOPING: binary dump of relay info option, length: 20 data:

Nov  2 15:36:54.666: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (100)
Nov  2 15:36:54.666: DHCP_SNOOPING_SW: bridge packet send packet to cpu port: Vlan100.
TEST_TEST#
Nov  2 15:37:11.618: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi0/6 for pak.  Was Vl100
Nov  2 15:37:11.618: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Vl100 for pak.  Was Gi0/6
Nov  2 15:37:11.618: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi0/6 for pak.  Was Vl100
Nov  2 15:37:11.618: DHCP_SNOOPING: received new DHCP packet from input interface (GigabitEthernet0/6)
Nov  2 15:37:11.618: DHCP_SNOOPING: process new DHCP packet, message type: DHCPREQUEST, input interface: Gi0/6,u   MAC da: ffff.ffff.ffff, MAC sa: 507b.9d72.dfc4, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 507b.9d72.dfc4
Nov  2 15:37:11.618: DHCP_SNOOPING: message type : DHCPREQUEST DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 507b.9d72.dfc4
Nov  2 15:37:11.618: DHCP_SNOOPING: add relay information option.
Nov  2 15:37:11.618: DHCP_SNOOPING_SW: encoding opt82 cin vlan-mod-port format
Nov  2 15:37:11.618: DHCP_SNOOPING_SW: Encoding opt82 RID in MAC address format
Nov  2 15:37:11.618: DHCP_SNOOPING: binary dump of relay info option, length: 20 data:

Nov  2 15:37:11.622: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (100)
Nov  2 15:37:11.622: DHCP_SNOOPING_SW: bridge packet send packet to cpu port: Vlan100.
Nov  2 15:37:15.736: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi0/6 for pak.  Was Vl100
Nov  2 15:37:15.736: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Vl100 for pak.  Was Gi0/6
Nov  2 15:37:15.736: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi0/6 for pak.  Was Vl100
Nov  2 15:37:15.736: DHCP_SNOOPING: received new DHCP packet from input interface (GigabitEthernet0/6)
Nov  2 15:37:15.736: DHCP_SNOOPING: process new DHCP packet, message type: DHCPREQUEST, input interface: Gi0/6, MAC da: ffff.ffff.ffff, MAC sa: 507b.9d72.dfc4, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 507b.9d72.dfc4
Nov  2 15:37:15.736: DHCP_SNOOPING: message type : DHCPREQUEST DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 507b.9d72.dfc4
Nov  2 15:37:15.736: DHCP_SNOOPING: add relay information option.
Nov  2 15:37:15.736: DHCP_SNOOPING_SW: encoding opt82 cid in vlan-mod-port format
Nov  2 15:37:15.736: DHCP_SNOOPING_SW: Encoding opt82 RID in MAC address format
Nov  2 15:37:15.736: DHCP_SNOOPING: binary dump of relay info option, length: 20 data:

Nov  2 15:37:15.739: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (100)
Nov  2 15:37:15.739: DHCP_SNOOPING_SW: bridge packet send packet to cpu port: Vlan100.
Nov  2 15:37:22.845: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi0/6 for pak.  Was Vl100
Nov  2 15:37:22.845: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Vl100 for pak.  Was Gi0/6
Nov  2 15:37:22.845: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi0/6 for pak.  Was Vl100
Nov  2 15:37:22.845: DHCP_SNOOPING: received new DHCP packet from input interface (GigabitEthernet0/6)
Nov  2 15:37:22.849: DHCP_SNOOPING: process new DHCP packet, message type: DHCPREQUEST, input interface: Gi0/6, MAC da: ffff.ffff.ffff, MAC sa: 507b.9d72.dfc4, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 507b.9d72.dfc4
Nov  2 15:37:22.849: DHCP_SNOOPING: message type : DHCPREQUEST DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 507b.9d72.dfc4
Nov  2 15:37:22.849: DHCP_SNOOPING: add relay information option.
Nov  2 15:37:22.849: DHCP_SNOOPING_SW: encoding opt82 cid in vlan-mod-port format
Nov  2 15:37:22.849: DHCP_SNOOPING_SW: Encoding opt82 RID in MAC address format
Nov  2 15:37:22.849: DHCP_SNOOPING: binary dump of relay info option, length: 20 data:

Nov  2 15:37:22.849: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (100)
Nov  2 15:37:22.849: DHCP_SNOOPING_SW: bridge packet send packet to cpu port: Vlan100.

Shark Attack

ASKER
here is the interesting one

Nov  2 15:49:58.288: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (100)
Nov  2 15:49:58.288: DHCP_SNOOPING_SW: bridge packet send packet to cpu port: Vlan100.
Nov  2 15:50:03.276: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi0/6 for pak.  Was Vl100
Nov  2 15:50:03.276: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Vl100 for pak.  Was Gi0/6
Nov  2 15:50:03.276: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi0/6 for pak.  Was Vl100
Nov  2 15:50:03.276: DHCP_SNOOPING: received new DHCP packet from input interface (GigabitEthernet0/6)
Nov  2 15:50:03.279: DHCP_SNOOPING: process new DHCP packet, message type: DHCPINFORM, input interface: Gi0/6, MAC da: ffff.ffff.ffff, MAC sa: 507b.9d72.dfc4, IP da: 255.255.255.255, IP sa: 10.90.9.52, DHCP ciaddr: 10.90.9.52, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 507b.9d72.dfc4
Nov  2 15:50:03.279: DHCP_SNOOPING: message type : DHCPINFORM DHCP ciaddr: 10.90.9.52, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 507b.9d72.dfc4
Nov  2 15:50:03.279: DHCP_SNOOPING: add relay information option.
Nov  2 15:50:03.279: DHCP_SNOOPING_SW: encoding opt82 cid in vlan-mod-port format
Nov  2 15:50:03.279: DHCP_SNOOPING_SW: Encoding opt82 RID in MAC address format
Nov  2 15:50:03.279: DHCP_SNOOPING: binary dump of relay info option, length: 20 data:
Nov  2 15:50:03.279: 0x52
Nov  2 15:50:03.279: 0x12

Predrag Jovic

The last one is interesting. :)
Host is informed about extension of IP address that was previously assigned by DHCP server. DHCP information was not negotiated by "normal" process (Server should reply with DHCPoffer and DHCPack). Looks like host is informing server that it will use specific IP address.  I am not familiar with this process.
DHCPInform

DHCPInform is a new DHCP message type, defined in RFC 2131, used by computers on the network to request and obtain information from a DHCP server for use in their local configuration. When this message type is used, the sender is already externally configured for its IP address on the network, which may or may not have been obtained using DHCP.  
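
An added example, not part of the original thread: a Python script that tallies the `process new DHCP packet` lines of `debug ip dhcp snooping` output by ingress interface and message type, and flags server replies on untrusted ports and DHCPINFORM messages that carry an existing address. The sample lines are constructed in the format shown above; the DHCPOFFER line, its Gi0/10 ingress, the server MAC and 10.90.9.1 are assumptions for illustration.

```python
import re
from collections import Counter

# Server-originated message types that DHCP snooping filters on untrusted ports.
SERVER_TYPES = {"DHCPOFFER", "DHCPACK", "DHCPNAK", "DHCPLEASEQUERY"}

# Matches the "process new DHCP packet" debug line format shown in the thread.
LINE_RE = re.compile(
    r"DHCP_SNOOPING: process new DHCP packet, message type: (?P<type>DHCP\w+), "
    r"input interface: (?P<ifname>[^,\s]+),.*?DHCP ciaddr: (?P<ciaddr>[\d.]+),"
    r".*?DHCP chaddr: (?P<chaddr>[0-9a-f.]+)"
)


def summarize(debug_text, trusted_ports=()):
    """Return (counts per (interface, type), findings, saw_server_reply)."""
    counts, findings = Counter(), []
    for m in LINE_RE.finditer(debug_text):
        ifname, mtype = m["ifname"], m["type"]
        counts[(ifname, mtype)] += 1
        note = None
        if mtype in SERVER_TYPES and ifname not in trusted_ports:
            note = f"{mtype} seen on untrusted {ifname}: snooping should drop it"
        elif mtype == "DHCPINFORM" and m["ciaddr"] != "0.0.0.0":
            note = (f"{m['chaddr']} on {ifname} sent DHCPINFORM for {m['ciaddr']}: "
                    "the host already had this address configured")
        if note and note not in findings:
            findings.append(note)
    saw_server_reply = any(t in SERVER_TYPES for _, t in counts)
    return counts, findings, saw_server_reply


# Constructed sample lines in the thread's format; the DHCPOFFER line, the
# Gi0/10 ingress, server MAC and 10.90.9.1 are assumptions for illustration.
_FMT = ("Nov  2 15:36:45.404: DHCP_SNOOPING: process new DHCP packet, "
        "message type: {t}, input interface: {i}, MAC da: ffff.ffff.ffff, "
        "MAC sa: {sa}, IP da: 255.255.255.255, IP sa: {ip}, DHCP ciaddr: {ci}, "
        "DHCP yiaddr: {yi}, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, "
        "DHCP chaddr: 507b.9d72.dfc4")
HOST = dict(i="Gi0/6", sa="507b.9d72.dfc4", yi="0.0.0.0")
HOST_ONLY = "\n".join([
    _FMT.format(t="DHCPREQUEST", ip="0.0.0.0", ci="0.0.0.0", **HOST),
    _FMT.format(t="DHCPREQUEST", ip="0.0.0.0", ci="0.0.0.0", **HOST),
    _FMT.format(t="DHCPINFORM", ip="10.90.9.52", ci="10.90.9.52", **HOST),
])
WITH_OFFER = HOST_ONLY + "\n" + _FMT.format(
    t="DHCPOFFER", i="Gi0/10", sa="0000.5e00.5301", ip="10.90.9.1",
    ci="0.0.0.0", yi="10.90.9.52")

if __name__ == "__main__":
    for name, text in (("host only", HOST_ONLY), ("with offer", WITH_OFFER)):
        counts, findings, saw_reply = summarize(text)
        print(name, dict(counts), "server reply seen:", saw_reply)
        for f in findings:
            print("  -", f)
```

A capture that contains only client messages on the host port, with no server reply seen, is consistent with the asker's later finding that the laptop itself was the cause.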
Shark Attack

ASKER
I think it might be the router. I cannot clear arp off of it. Once I do, the DHCP address comes back in arp as "incomplete" but it's still there. Then as soon as I plug the pc into the port, I immediately get the same IP, which is weird.
Predrag Jovic

Inform is used by computers.  
DHCP_SNOOPING: received new DHCP packet from input interface (GigabitEthernet0/6)

DHCP_SNOOPING: process new DHCP packet, message type: DHCPINFORM,
Packet is received by interface Gi0/6.
Shark Attack

ASKER
should I try different computer?
Predrag Jovic

You can try anything.
One problem that is hard to solve makes you learn way much more about how things work than 100 smooth implementations.
 :)
Shark Attack

ASKER
i actually shut down the interface to the host and configured "ip dhcp excluded-address 10.90.9.50 10.90.9.60" and i still got the same 53 ip
Shark Attack

ASKER
alllrightt. Mystery solved. It was the laptop. I got a non desktop/laptop host. Connected to the switch. Works like charm. Played around with different scenarios, and it was blocking until I configured the trust port. Definitely something in the windows auto-config. Thanks for all your help!
Shark Attack

ASKER
Thank you!!
Predrag Jovic

You're welcome.