Thursday, September 15, 2011

Simple Management for BIND


Smbind is a PHP-based tool for managing BIND DNS zones through a web interface. It supports per-user administration of zones, error checking, and a PEAR DB database backend.

1. INSTALLATION

Please download the smbind tar file from the download section using wget.
# wget http://jaist.dl.sourceforge.net/sourceforge/smbind/smbind-0.4.7.tar.gz
# tar -zxvf smbind-0.4.7.tar.gz
# cd smbind-0.4.7/
You will need to create a database, table structure, install and configure the PHP scripts, and modify your named.conf. You will need to adjust permissions on your system so that your web server user (www, apache, httpd, nobody, etc.) can read and write various files relating to BIND, such as rndc.

2. DATABASE

You will need to create a database and then load the table structure into it from the dump file (smbind-mysql.sql for MySQL, smbind-pg.sql for PostgreSQL).
Create the smbind database.
[MySQL]         mysqladmin create smbind
[PG]            createdb smbind
Create the smbind tables.
[MySQL]         mysql smbind < smbind-mysql.sql
[PG]            psql -U dbuser -d smbind < smbind-pg.sql

3. WEB SERVER

Copy the contents of the php directory to a web server directory.
# cp -Rp php/* /usr/local/apache/htdocs
Restrict config.php so that only root and the web server's group can read it, and make the template_c directory writable by that group. Your web server may not run as apache; it may run as www, httpd, nobody, or something entirely different.
# chown root:apache config.php template_c
# chmod 640 config.php
# chmod 775 template_c
Download the latest version of Smarty from http://smarty.php.net/. Untar the file, and copy the libs folder to the location specified in the smarty_path option in the config file config.php.
# mkdir /usr/share/smarty
# tar zxvf Smarty-2.6.1.tar.gz
# cp -R ./Smarty-2.6.1/libs/* /usr/share/smarty
Edit config.php, setting your database information and the locations of your named-checkconf, named-checkzone, and rndc binaries. smbind configuration examples are provided for both normal and chroot jailed BIND setups.
The typical config.php file with all necessary configurations will be as follows:
// Include paths.
$_CONF['smarty_path']   = "/usr/share/smarty";
$_CONF['peardb_path']   = "/usr/share/pear";

// Database DSN.
$_CONF['db_type']       = "mysql"; // mysql for MySQL, pgsql for PostgreSQL
$_CONF['db_user']       = "smbind";
$_CONF['db_pass']       = "newpass";
$_CONF['db_host']       = "localhost";
$_CONF['db_db']         = "smbind";

// Zone data paths (normal).
$_CONF['path']          = "/var/named/";
$_CONF['conf']          = "/etc/smbind/smbind.conf";
# Include this file in named.conf.

// Zone data paths (chroot).
#$_CONF['path']         = "/var/named/chroot/var/named/";
#$_CONF['conf']         = "/var/named/chroot/etc/smbind/smbind.conf";
# Include this file in named.conf.

// BIND utilities.
$_CONF['namedcheckconf'] = "/usr/sbin/named-checkconf";
$_CONF['namedcheckzone'] = "/usr/sbin/named-checkzone";
$_CONF['rndc']           = "/usr/sbin/rndc";
A configtest.php script is provided that tests permissions on everything to ensure that your configuration will work. It will be located at http://localhost.localdomain/src/configtest.php

4. BIND

Add the user that runs your web server to the group that runs the BIND server. This will allow BIND to access its files, while also allowing your web server to update and manage them. The example below assumes that apache is running as “apache” and that BIND is running as “named”. Apache must then be restarted.
# usermod -a -G named apache
# /etc/rc.d/init.d/httpd restart
Create a directory for the smbind zone file.
# mkdir /etc/smbind
# chown root:named /etc/smbind
# chmod 775 /etc/smbind
Add an include line for smbind.conf to your named.conf.
include "/etc/smbind/smbind.conf";
Modify the permissions on BIND’s zone file directory. Some distributions do not even allow named to write to its own zone directory.
# chmod 770 /var/named

5. TESTING OUT

Fire up a browser and view http://localhost.localdomain/src/configtest.php. This script will verify that your web server can read and write everywhere it needs to. If it encounters any permissions problems, read the error message carefully and investigate as instructed. It is assumed that your BIND is running prior to this test. The typical configtest output is as follows:
smbind configtest

This script will try to check some aspects of your smbind configuration
 and point you to errors where ever it can find them. You need to edit
config.php and read the INSTALL file first before you run this script.

Testing config.php...OK
Testing PEAR DB...OK
Testing Smarty...OK
Testing templates_c...OK
Testing path...OK
Testing conf directory...OK
Testing conf file...OK
Testing named-checkconf...OK
Testing named-checkzone...OK
Testing rndc...OK
Testing (guess) /etc/rndc.conf...OK
Testing (guess) /etc/rndc.key...OK
Testing (guess) connection to localhost:953...OK
Testing rndc execution...OK
server is up and running
Testing database connection...mysql://smbind:newpass@localhost/smbind OK
Testing database SELECT from zones table...OK
Testing database SELECT from users table...OK
Testing database SELECT from records table...OK
Testing database INSERT into zones table...OK
Testing database INSERT into users table...OK
Testing database INSERT into records table...OK
Testing database UPDATE zones table...OK
Testing database UPDATE users table...OK
Testing database UPDATE records table...OK
Testing database DELETE FROM zones table...OK
Testing database DELETE FROM users table...OK
Testing database DELETE FROM records table...OK

Congratulations, your setup looks good. Please remember to add the
following line to your named.conf:
include "/etc/smbind/smbind.conf";
Web interface
Log in to the web interface at http://domainname/php/src/main.php with the user 'admin' and password 'admin'.
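
An added example, not part of the original post or of smbind: a shell function that checks the file modes set in sections 3 and 4 and flags a configtest.php left in the web root, since its output shown above prints the database DSN with the password. The PREFIX argument is an assumption made here so the check can be pointed at a staging tree.

```shell
#!/bin/sh
# Added example (not from smbind): audit the modes set in sections 3 and 4.
# Usage: sh smbind_audit.sh WEBROOT [PREFIX]
#   WEBROOT is where php/* was copied; PREFIX is a hypothetical staging root.

# Print the octal mode of a file (GNU/BusyBox stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Report FILE if "other" holds any bit in MASK (4=read, 2=write, 1=execute).
check_other() {
    [ -e "$1" ] || return 0
    m=$(mode_of "$1")
    if [ $(( 0$m & $2 )) -ne 0 ]; then
        echo "FAIL $1 (mode $m): $3"
        findings=$((findings + 1))
    fi
}

smbind_audit() {
    web=$1 prefix=${2:-}
    findings=0
    # config.php stores db_pass in clear text; the page sets it to 640.
    check_other "$prefix$web/config.php" 7 "database password exposed to other users"
    # template_c holds compiled templates that PHP executes; the page sets 775.
    check_other "$prefix$web/template_c" 2 "world-writable template cache"
    # smbind.conf is included by named.conf; the page sets /etc/smbind to 775.
    check_other "$prefix/etc/smbind" 2 "world-writable BIND include directory"
    # Zone data; the page sets /var/named to 770.
    check_other "$prefix/var/named" 7 "zone directory open to other users"
    # configtest.php prints the full DSN, password included.
    if [ -e "$prefix$web/src/configtest.php" ]; then
        echo "FAIL $prefix$web/src/configtest.php: still served, output shows the DSN"
        findings=$((findings + 1))
    fi
    # Exit status 0 only when nothing was flagged.
    [ "$findings" -eq 0 ]
}

if [ $# -gt 0 ]; then smbind_audit "$@"; fi
```

Run it as root with the web root from section 3, for example `sh smbind_audit.sh /usr/local/apache/htdocs`; it prints one FAIL line per finding and exits non-zero if there is any.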