Hi Peter!
First, I am not an expert, so I am probably wrong.
I think keepalived is only for failing-over an IP address, from one machine to another. Nothing more.
If you want to use real failover for DHCP, I think you have to use declaration blocks for failover peers in dhcpd.conf. See above, "Keepalived & DHCP fail-over issues - #6 by raffe", under EDIT.
Otherwise I think both IPFires will just be up and functioning, and if both have normal DHCP both will give IP numbers. That is why I have “solved” it with two different pools on my IPFire servers and manually edit “option routers”:
- primary server range 192.168.0.50 - 192.168.0.150 and backup server range 192.168.0.151 - 192.168.0.199
- And I have manually changed “option routers” in dhcpd.conf on both servers to the virtual IP 192.168.0.254
Then it does not matter which server gives IP numbers, as the DHCP clients will all use the virtual failover IP as router/gateway and that is the “server” that is working “at the time”.
If dhcpd.conf gets overwritten, option routers is easier to edit than a full dhcpd.conf. But I think that one solution could also be to use the include "/var/ipfire/dhcp/dhcpd.conf.local"; in dhcpd.conf to have the declaration blocks for failover peers in dhcpd.conf.local. But I have not had the time to test it; if dhcpd.conf gets overwritten often I may look into it.
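
A check for the split-pool setup described in this post, as an added example that is not part of the original post or IPFire's own code: it parses two dhcpd.conf texts and reports overlapping ranges or an "option routers" value other than the virtual IP, which is what happens if the file is regenerated and the manual edits are lost. The sample configs and function names are constructed for illustration, and only the plain `range low high;` form is handled.

```python
import ipaddress
import re

VIP = "192.168.0.254"  # virtual (keepalived) IP used in the post

# Constructed sample configs, not real IPFire output.
PRIMARY = """subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.50 192.168.0.150;
    option routers 192.168.0.254;
}"""
BACKUP = """subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.151 192.168.0.199;
    option routers 192.168.0.254;
}"""
# Constructed failure case: file regenerated, manual edits lost.
OVERWRITTEN = """subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.100 192.168.0.160;
    option routers 192.168.0.1;
}"""

RANGE_RE = re.compile(r"^[ \t]*range[ \t]+(\S+)[ \t]+([^\s;]+)[ \t]*;", re.M)
ROUTERS_RE = re.compile(r"^[ \t]*option[ \t]+routers[ \t]+([^;]+);", re.M)

def parse(conf):
    """Return ([(low, high), ...], [router, ...]) from dhcpd.conf text."""
    ranges = [(ipaddress.ip_address(lo), ipaddress.ip_address(hi))
              for lo, hi in RANGE_RE.findall(conf)]
    routers = [r.strip() for v in ROUTERS_RE.findall(conf) for r in v.split(",")]
    return ranges, routers

def check_pair(conf_a, conf_b, vip=VIP):
    """List problems that would break the two-pool, shared-gateway setup."""
    problems = []
    parsed = {"A": parse(conf_a), "B": parse(conf_b)}
    for name, (ranges, routers) in parsed.items():
        if not ranges:
            problems.append(f"{name}: no range found")
        if routers != [vip]:
            problems.append(f"{name}: option routers is {routers}, expected {vip}")
    for a_lo, a_hi in parsed["A"][0]:
        for b_lo, b_hi in parsed["B"][0]:
            if a_lo <= b_hi and b_lo <= a_hi:  # closed intervals intersect
                problems.append(f"overlap: {a_lo}-{a_hi} and {b_lo}-{b_hi}")
    return problems

if __name__ == "__main__":
    for label, other in (("backup", BACKUP), ("overwritten", OVERWRITTEN)):
        print(label, check_pair(PRIMARY, other) or "OK")
```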