diff --git a/Arch-0002-iproute2.patch b/Arch-0002-iproute2.patch
new file mode 100644
index 0000000..74a4be6
--- /dev/null
+++ b/Arch-0002-iproute2.patch
@@ -0,0 +1,15 @@
+https://git.archlinux.org/svntogit/packages.git/tree/trunk?h=packages/dhcp
+
+diff --git a/client/scripts/linux b/client/scripts/linux
+index 5fb16121..c4cef632 100755
+--- a/client/scripts/linux
++++ b/client/scripts/linux
+@@ -362,7 +362,7 @@ case "$reason" in
+ interface_up_wait_time=5
+ for i in $(seq 0 ${interface_up_wait_time})
+ do
+- ifconfig ${interface} | grep RUNNING >/dev/null 2>&1
++ ${ip} link show dev ${interface} | grep -q LOWER_UP 2>&1
+ if [ $? -eq 0 ]; then
+ break;
+ fi
diff --git a/ROSA-NEWS b/ROSA-NEWS
new file mode 100644
index 0000000..6b06e56
--- /dev/null
+++ b/ROSA-NEWS
@@ -0,0 +1,25 @@
+dhcp v4.4.1
+05.10.2018
+by mikhailnov
+
+* Removed 'After=syslog.target' from systemd service dhcpd.service
+https://www.freedesktop.org/wiki/Software/systemd/syslog/ says:
+"we do no longer recommend people to order their units after syslog.target"
+
+* Merged old ROSA's dhcpd(6).service and Arch's dhcpd{4|6}.service
+
+* dhcpd user was added on package installation (dhcp-server), but dhcpd was actually ran from root, not dhcpd
+* use sysusers.d(5) (config isc-dhcpd.conf) instaed of manually created dhcpd user
+* migration: delete dhcpd user on package uninstallation
+* the same for dhclient (isc-dhcp-client.conf) (will it work from not root?)
+
+* /etc/sysconfig/dhcp6 called in dhcpd6.service did not exist (dhcpd6.service was broken);
+let's use copy /etc/sysconfig/dhcpd to /etc/sysconfig/dhcpd6
+
+* TODO: Fedora's patch dhcp-paths.patch
+
+* Empty leases databases are not created on package build anymore (what for were they created?)
+
+* /var/lib/dhcpd and /var/lib/dhclient are now defined as variables in the RPM spec
+
+* dhclient@.service from Arch Linux, added: 'User=isc-dhcp-client', - to run dhclient from not root (requires testing)
diff --git a/dhclient@.service b/dhclient@.service new file mode 100644 index 0000000..01b3841 --- /dev/null +++ b/dhclient@.service @@ -0,0 +1,14 @@ +[Unit] +Description=dhclient on %I +Wants=network.target +Before=network.target + +[Service] +ExecStart=/usr/sbin/dhclient -pf /run/dhclient@%i/dhclient.pid -d %I +RuntimeDirectory=dhclient@%i +User=isc-dhcp-client +ProtectSystem=on +ProtectHome=on + +[Install] +WantedBy=multi-user.target diff --git a/dhcp.spec b/dhcp.spec index fa57614..c56a98e 100644 --- a/dhcp.spec +++ b/dhcp.spec @@ -1,10 +1,12 @@ -%define major_version 4.3.2 +%define major_version 4.4.1 %define patch_version %{nil} +%define var_dhcpd %{_var}/lib/dhcpd +%define var_dhclient %{_var}/lib/dhclient Name: dhcp Epoch: 3 Version: %{major_version}%{patch_version} -Release: 9 +Release: 1 Summary: The ISC DHCP (Dynamic Host Configuration Protocol) server/relay agent/client License: Distributable Group: System/Servers @@ -24,6 +26,11 @@ Source16: dhcrelay.service Source17: dhcpd.tmpfiles Source18: dhclient.tmpfiles Source19: dhcrelay.tmpfiles +# sysusers.d(5) (systemd-sysusers) +Source20: isc-dhcpd.conf +Source21: isc-dhcp-client.conf +Source22: dhclient@.service + # mageia patches Patch100: dhcp-4.2.2-ifup.patch #Patch101: dhcp-4.2.2-fix-format-errors.patch # I see it applied in the source already 
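Review bot: `User=isc-dhcp-client` in the new dhclient@.service is set without any `AmbientCapabilities=` line, unlike the dhcpd units later in this commit, so the client would start with no network capabilities at all. dhclient normally needs CAP_NET_RAW and CAP_NET_BIND_SERVICE for its sockets and CAP_NET_ADMIN so that dhclient-script can configure the interface, and an unprivileged user also cannot update /etc/resolv.conf. A unit that fails on first use tends to get "fixed" by deleting the hardening, so either grant the minimum set explicitly, `AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE` with a matching `CapabilityBoundingSet=` and `NoNewPrivileges=yes`, or keep the client as root and restrict it with `CapabilityBoundingSet=` alone until the unprivileged path has been tested.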
@@ -178,10 +185,10 @@ install -m0644 %{SOURCE10} doc --enable-paranoia \ --enable-early-chroot \ --with-ldapcrypto \ - --with-srv-lease-file=%{_var}/lib/dhcpd/dhcpd.leases \ - --with-srv6-lease-file=%{_var}/lib/dhcpd/dhcpd6.leases \ - --with-cli-lease-file=%{_var}/lib/dhclient/dhclient.leases \ - --with-cli6-lease-file=%{_var}/lib/dhclient/dhclient6.leases \ + --with-srv-lease-file=%{var_dhcpd}/dhcpd.leases \ + --with-srv6-lease-file=%{var_dhcpd}/dhcpd6.leases \ + --with-cli-lease-file=%{var_dhclient}/dhclient.leases \ + --with-cli6-lease-file=%{var_dhclient}/dhclient6.leases \ --with-srv-pid-file=/run/dhcpd/dhcpd.pid \ --with-srv6-pid-file=/run/dhcpd/dhcpd6.pid \ --with-cli-pid-file=/run/dhclient/dhclient.pid \ @@ -203,11 +210,16 @@ install -d %{buildroot}%{_unitdir} install -m 644 %{SOURCE12} %{buildroot}%{_unitdir}/dhcpd.service install -m 644 %{SOURCE14} %{buildroot}%{_unitdir}/dhcpd6.service install -m 644 %{SOURCE16} %{buildroot}%{_unitdir}/dhcrelay.service +install -m 644 %{SOURCE22} %{buildroot}%{_unitdir}/ install -D -p -m 644 %{SOURCE17} %{buildroot}%{_tmpfilesdir}/dhcpd.conf install -D -p -m 644 %{SOURCE18} %{buildroot}%{_tmpfilesdir}/dhclient.conf install -D -p -m 644 %{SOURCE19} %{buildroot}%{_tmpfilesdir}/dhcrelay.conf +install -d %{buildroot}%{_sysusersdir} +install -m 644 %{SOURCE20} %{buildroot}%{_sysusersdir}/ +install -m 644 %{SOURCE21} %{buildroot}%{_sysusersdir}/ + install -m 755 %{SOURCE7} %{SOURCE8} %{buildroot}%{_sbindir} install -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir} install -m 755 contrib/ldap/dhcpd-conf-to-ldap %{buildroot}%{_sbindir} 
@@ -223,7 +235,7 @@ cat > %{buildroot}%{_sysconfdir}/sysconfig/dhcpd < %{buildroot}%{_sysconfdir}/sysconfig/dhcpd < %{buildroot}%{_sysconfdir}/sysconfig6 + +install -d %{buildroot}%{var_dhcpd} +#touch %{buildroot}%{var_dhcpd}/dhcpd.leases +install -d %{buildroot}%{var_dhclient} +#touch %{buildroot}%{var_dhclient}/dhclient.leases cat > %{buildroot}%{_sysconfdir}/sysconfig/dhcrelay <&1 >/dev/null || true %files common -%doc README contrib/ldap/README.ldap RELNOTES +%doc README ROSA-NEWS contrib/ldap/README.ldap RELNOTES %doc contrib/3.0b1-lease-convert %{_mandir}/man5/dhcp-options.5* @@ -327,6 +352,7 @@ rm -rf %{_var}/lib/dhclient/dhclient.leases %config(noreplace) %{_sysconfdir}/dhcpd.conf %config(noreplace) %{_sysconfdir}/dhclient-exit-hooks %config(noreplace) %{_sysconfdir}/sysconfig/dhcpd +%config(noreplace) %{_sysconfdir}/sysconfig/dhcpd6 %{_sbindir}/dhcpd %{_sbindir}/dhcpreport.pl %{_sbindir}/dhcpd-conf-to-ldap @@ -338,8 +364,8 @@ rm -rf %{_var}/lib/dhclient/dhclient.leases %{_mandir}/man5/dhcpd.leases.5* %{_mandir}/man5/dhcp-eval.5* %{_mandir}/man8/dhcpd.8* -%dir %{_var}/lib/dhcpd -%config(noreplace) %ghost %{_var}/lib/dhcpd/dhcpd.leases +%dir %{var_dhcpd} +%config(noreplace) %ghost %{var_dhcpd}/dhcpd.leases %files relay %{_unitdir}/dhcrelay.service @@ -352,13 +378,14 @@ rm -rf %{_var}/lib/dhclient/dhclient.leases %doc client/dhclient.conf.example %attr (0755,root,root) /sbin/dhclient-script %{_tmpfilesdir}/dhclient.conf +%{_unitdir}/dhclient@.service /sbin/dhclient %{_mandir}/man5/dhclient.conf.5* %{_mandir}/man5/dhclient.leases.5* %{_mandir}/man8/dhclient.8* %{_mandir}/man8/dhclient-script.8* -%dir %{_var}/lib/dhclient -%config(noreplace) %ghost %{_var}/lib/dhclient/dhclient.leases +%dir %{var_dhclient} +%config(noreplace) %ghost %{var_dhclient}/dhclient.leases %files devel %{_includedir}/* diff --git a/dhcpd.service b/dhcpd.service index 4cb5a58..4bacf76 100644 --- a/dhcpd.service +++ b/dhcpd.service 
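Review bot: The `%dir %{var_dhcpd}` entry in the server %files hunk carries no `%attr`, so the lease directory is packaged with default ownership (presumably root) while dhcpd.service in this same commit switches to `User=isc-dhcpd`. dhcpd rewrites its lease database by creating a new file in that directory and renaming it, so the service user needs write access to the directory itself, not only to dhcpd.leases. Unless a scriptlet not fully visible here already fixes ownership, I would declare it in the package, `%attr(0755,isc-dhcpd,isc-dhcpd) %dir %{var_dhcpd}`, so nobody has to loosen permissions by hand later. The same applies to `%dir %{var_dhclient}` in the client %files hunk with the isc-dhcp-client user.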
@@ -1,13 +1,28 @@ [Unit] Description=DHCPv4 Server Daemon -After=syslog.target network.target ldap.service +Documentation=man:dhcpd(8) man:dhcpd.conf(5) +Wants=network-online.target +# ldap.service: probably LDAP server starts first and dhcpd must start providing DHCP server only after LDAP has started to use LDAP for IP addresses (?) +After=network-online.target time-sync.target ldap.service [Service] Environment=CONFIGFILE=/etc/dhcpd.conf LEASEFILE=/var/lib/dhcpd/dhcpd.leases EnvironmentFile=-/etc/sysconfig/dhcpd Type=forking -PIDFile=/run/dhcpd/dhcpd.pid ExecStart=/usr/sbin/dhcpd -pf /run/dhcpd/dhcpd.pid -cf $CONFIGFILE -lf $LEASEFILE $OPTIONS $INTERFACES +PIDFile=/run/dhcpd/dhcpd.pid +User=isc-dhcpd +AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW +ProtectSystem=full +ProtectHome=on +KillSignal=SIGINT +# We pull in network-online.target for a configured network connection. +# However this is not guaranteed to be the network connection our +# networks are configured for. So try to restart on failure with a delay +# of two seconds. Rate limiting kicks in after 12 seconds. +RestartSec=2s +Restart=on-failure +StartLimitInterval=12s [Install] WantedBy=multi-user.target diff --git a/dhcpd.tmpfiles b/dhcpd.tmpfiles index d545ce8..dd3b209 100644 --- a/dhcpd.tmpfiles +++ b/dhcpd.tmpfiles @@ -1 +1 @@ -d /run/dhcpd 755 root root +d /run/dhcpd 755 isc-dhcpd isc-dhcpd diff --git a/dhcpd6.service b/dhcpd6.service index bd1fac4..af7de4e 100644 --- a/dhcpd6.service +++ b/dhcpd6.service 
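Review bot: The `AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW` line in dhcpd.service hands the unprivileged daemon the two capabilities it needs, but the unit sets neither `CapabilityBoundingSet=` nor `NoNewPrivileges=`, so nothing stops a child process from regaining privileges through a setuid binary. Adding `CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_RAW` and `NoNewPrivileges=yes` next to it closes that gap and documents the intended privilege ceiling. The dhcpd6.service hunk has the same pair of lines and would take the same two additions. Separately, `StartLimitInterval=` is the legacy spelling; newer systemd documents `StartLimitIntervalSec=` in the [Unit] section.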
@@ -1,13 +1,29 @@ [Unit] Description=DHCPv6 Server Daemon -After=syslog.target network.target +Documentation=man:dhcpd(8) man:dhcpd.conf(5) +Wants=network-online.target +# ldap.service: probably LDAP server starts first and dhcpd must start providing DHCP server only after LDAP has started to use LDAP for IP addresses (?) +# network-online.target seems unreasonable because network is probsbly not online on the DHCP server in a local network +After=network.target time-sync.target ldap.service [Service] -Environment=CONFIGFILE=/etc/dhcpd6.conf LEASEFILE=/var/lib/dhcp/dhcpd6.leases -EnvironmentFile=-/etc/sysconfig/dhcpd6 +Environment=CONFIGFILE=/etc/dhcpd6.conf LEASEFILE=/var/lib/dhcpd/dhcpd6.leases +EnvironmentFile=-/etc/sysconfig/dhcpd Type=forking -PIDFile=/var/run/dhcpd6.pid -ExecStart=/usr/sbin/dhcpd -6 -pf /var/run/dhcpd6.pid -cf $CONFIGFILE -lf $LEASEFILE $OPTIONS $INTERFACES +ExecStart=/usr/sbin/dhcpd -6 -pf /run/dhcpd/dhcpd6.pid -cf $CONFIGFILE -lf $LEASEFILE $OPTIONS $INTERFACES +PIDFile=/run/dhcpd/dhcpd6.pid +User=isc-dhcpd +AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW +ProtectSystem=full +ProtectHome=on +KillSignal=SIGINT +# We pull in network-online.target for a configured network connection. +# However this is not guaranteed to be the network connection our +# networks are configured for. So try to restart on failure with a delay +# of two seconds. Rate limiting kicks in after 12 seconds. +RestartSec=2s +Restart=on-failure +StartLimitInterval=12s [Install] WantedBy=multi-user.target diff --git a/isc-dhcp-client.conf b/isc-dhcp-client.conf new file mode 100644 index 0000000..8ab9da2 --- /dev/null +++ b/isc-dhcp-client.conf @@ -0,0 +1,4 @@ +# The shell is /sbin/nologin +u isc-dhcp-client - "ISC DHCP client user" / +g isc-dhcp-client - "ISC DHCP client group" +m isc-dhcp-client isc-dhcp-client diff --git a/isc-dhcpd.conf b/isc-dhcpd.conf new file mode 100644 index 0000000..92a85e3 --- /dev/null +++ b/isc-dhcpd.conf 
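Review bot: `EnvironmentFile=-/etc/sysconfig/dhcpd` in dhcpd6.service points the DHCPv6 daemon at the DHCPv4 settings file, although the dhcp.spec part of this commit packages `%config(noreplace) %{_sysconfdir}/sysconfig/dhcpd6` and ROSA-NEWS describes that file as the one this unit should use. As written the v6 daemon inherits the v4 `$OPTIONS` and `$INTERFACES`, and edits to /etc/sysconfig/dhcpd6 are silently ignored; keeping `EnvironmentFile=-/etc/sysconfig/dhcpd6` would match the spec. The copied restart comment also says "We pull in network-online.target" directly below a comment calling that target unreasonable and an `After=network.target` line, so one of the two comments should be reworded to state which ordering is intended.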
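Review bot: The `g isc-dhcp-client - "ISC DHCP client group"` line in isc-dhcp-client.conf puts a description in the GECOS column, which sysusers.d(5) documents as applying to `u` lines only, so systemd-sysusers may reject that line with a syntax error; this is worth checking against the systemd version the distribution ships. A `u` line already creates the group of the same name, so the `g` and `m` lines look redundant and the file could be reduced to the `u` line alone. The same applies to isc-dhcpd.conf in the following hunk.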
@@ -0,0 +1,4 @@
+# The shell is /sbin/nologin
+u isc-dhcpd - "ISC DHCP daemon user" /
+g isc-dhcpd - "ISC DHCP daemon group"
+m isc-dhcpd isc-dhcpd