Simple Management for BIND

April 22nd, 2007

Smbind is a PHP-based tool for managing BIND DNS zones through a web interface. It supports per-user administration of zones, error checking, and a PEAR DB database backend.

1. INSTALLATION

Please download the smbind tar file from the download section using wget.

# wget http://jaist.dl.sourceforge.net/sourceforge/smbind/smbind-0.4.7.tar.gz
# tar -zxvf smbind-0.4.7.tar.gz
# cd smbind-0.4.7/

You will need to create a database, table structure, install and configure the PHP scripts, and modify your named.conf. You will need to adjust permissions on your system so that your web server user (www, apache, httpd, nobody, etc.) can read and write various files relating to BIND, such as rndc.

2. DATABASE

You will need to create a database and then load the table structure from the dump file (smbind-mysql.sql for MySQL, smbind-pg.sql for PostgreSQL) into it.

Create the smbind database.

[MySQL]         mysqladmin create smbind
[PG]            createdb smbind

Create the smbind tables.

[MySQL]         mysql smbind < smbind-mysql.sql
[PG]            psql -U dbuser -d smbind < smbind-pg.sql

3. WEB SERVER

Copy the contents of the php directory to a web server directory.

# cp -Rp php/* /usr/local/apache/htdocs

Secure the config file (readable only by root and the web server group) and the templates_c directory (writable by the web server). Your web server may not run as apache; it may run as www, httpd, nobody, or something entirely different.

# chown root:apache config.php templates_c
# chmod 640 config.php
# chmod 775 templates_c

Download the latest version of Smarty from http://smarty.php.net/. Untar the file, and copy the libs folder to the location specified in the smarty_path option in the config file config.php.

# mkdir /usr/share/smarty
# tar zxvf Smarty-2.6.1.tar.gz
# cp -R ./Smarty-2.6.1/libs/* /usr/share/smarty

Edit config.php, setting your database information and the locations of your named-checkconf, named-checkzone, and rndc binaries. smbind configuration examples are provided for both normal and chroot jailed BIND setups.

A typical config.php with all the necessary settings looks like this:

// Include paths.
$_CONF['smarty_path']   = "/usr/share/smarty";
$_CONF['peardb_path']   = "/usr/share/pear";

// Database DSN.
$_CONF['db_type']       = "mysql"; // mysql for MySQL, pgsql for PostgreSQL
$_CONF['db_user']       = "smbind";
$_CONF['db_pass']       = "newpass"; // example value; set your own
$_CONF['db_host']       = "localhost";
$_CONF['db_db']         = "smbind";

// Zone data paths (normal).
$_CONF['path']          = "/var/named/";
$_CONF['conf']          = "/etc/smbind/smbind.conf";
# Include this file in named.conf.

// Zone data paths (chroot).
#$_CONF['path']         = "/var/named/chroot/var/named/";
#$_CONF['conf']         = "/var/named/chroot/etc/smbind/smbind.conf";
# Include this file in named.conf.

// BIND utilities.
$_CONF['namedcheckconf'] = "/usr/sbin/named-checkconf";
$_CONF['namedcheckzone'] = "/usr/sbin/named-checkzone";
$_CONF['rndc']           = "/usr/sbin/rndc";

A configtest.php script is provided that tests permissions on everything to ensure that your configuration will work. It is located at http://localhost.localdomain/src/configtest.php

4. BIND

Add the user that runs your web server to the group that runs the BIND server. This will allow BIND to access its files, while also allowing your web server to update and manage them. The example below assumes that apache is running as "apache" and that BIND is running as "named". The -a option appends the group; without it, usermod -G replaces the user's existing supplementary groups. Apache must then be restarted.

# usermod -a -G named apache
# /etc/rc.d/init.d/httpd restart

Create a directory for the smbind zone file.

# mkdir /etc/smbind
# chown root:named /etc/smbind
# chmod 775 /etc/smbind

Add an include for smbind.conf to your named.conf.

 include "/etc/smbind/smbind.conf";

Modify the permissions on BIND’s zone file directory. Some distributions do not even allow named to write to its own zone directory.

# chmod 770 /var/named
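
The permission steps in sections 3 and 4 can be verified with a short audit script. This is an added example, not part of smbind or of the original article: the function names and the WEBROOT/BINDROOT arguments are assumptions of the example, while the paths and modes are the ones used above.

```sh
#!/bin/sh
# Added example (not part of smbind): audit the modes set in sections 3 and 4.
# Function names and the WEBROOT/BINDROOT arguments are this example's own.

# check_mode PATH MAX: pass only if PATH grants no permission bit outside octal MAX.
check_mode() {
    if [ ! -e "$1" ]; then
        echo "MISSING  $1"
        return 2
    fi
    mode=$(stat -c '%a' "$1")            # GNU stat prints the octal mode, e.g. 640
    extra=$(( 0$mode & ~0$2 & 07777 ))   # bits granted beyond the allowed maximum
    if [ "$extra" -ne 0 ]; then
        echo "TOO OPEN $1 (mode $mode, expected at most $2)"
        return 1
    fi
    echo "OK       $1 ($mode)"
}

# in_group USER GROUP: true if USER belongs to GROUP (section 4: apache in named).
in_group() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qxF "$2"
}

# audit_smbind WEBROOT BINDROOT: exit status is the number of failed checks.
# BINDROOT is "" for a normal setup or /var/named/chroot for a chroot jail.
audit_smbind() {
    web=$1
    bind=$2
    failed=0
    check_mode "$web/config.php"   640 || failed=$((failed + 1))
    check_mode "$web/templates_c"  775 || failed=$((failed + 1))
    check_mode "$bind/etc/smbind"  775 || failed=$((failed + 1))
    check_mode "$bind/var/named"   770 || failed=$((failed + 1))
    return "$failed"
}

# Example: sh audit.sh /usr/local/apache/htdocs ""
if [ "$#" -eq 2 ]; then
    audit_smbind "$1" "$2"
    in_group apache named || echo "apache is not in group named"
fi
```

config.php is capped at 640 because it holds the database password; a world-readable copy exposes that password to every local user.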

5. TESTING OUT

Fire up a browser and view http://localhost.localdomain/src/configtest.php. This script will verify that your web server can read and write everywhere it needs to. If it encounters any permissions problems, read the error message carefully and investigate as instructed. It is assumed that BIND is running prior to this test. Typical configtest output looks like this:

smbind configtest

This script will try to check some aspects of your smbind configuration
 and point you to errors where ever it can find them. You need to edit
config.php and read the INSTALL file first before you run this script.

Testing config.php...OK
Testing PEAR DB...OK
Testing Smarty...OK
Testing templates_c...OK
Testing path...OK
Testing conf directory...OK
Testing conf file...OK
Testing named-checkconf...OK
Testing named-checkzone...OK
Testing rndc...OK
Testing (guess) /etc/rndc.conf...OK
Testing (guess) /etc/rndc.key...OK
Testing (guess) connection to localhost:953...OK
Testing rndc execution...OK
server is up and running
Testing database connection...mysql://smbind:newpass@localhost/smbind OK
Testing database SELECT from zones table...OK
Testing database SELECT from users table...OK
Testing database SELECT from records table...OK
Testing database INSERT into zones table...OK
Testing database INSERT into users table...OK
Testing database INSERT into records table...OK
Testing database UPDATE zones table...OK
Testing database UPDATE users table...OK
Testing database UPDATE records table...OK
Testing database DELETE FROM zones table...OK
Testing database DELETE FROM users table...OK
Testing database DELETE FROM records table...OK

Congratulations, your setup looks good. Please remember to add the
following line to your named.conf:
include "/etc/smbind/smbind.conf";

Web interface

Log in to the web interface at http://domainname/php/src/main.php
with the user 'admin' and password 'admin', then change this default password right away.


About the author:
Savitha Nair works as Sr. Software Engineer (Grade II) at Bobcares.com. Savitha has worked at Bobcares for 3 years and is a passionate advocate of secure Linux server administration.

 



15 Comments »

  1. aleph

    Thanks for this post. I’ve been looking for a simple BIND management script, and this one perfectly suits my needs.
    However, there may be a problem with the /usr/sbin/rndc binary; I had to modify its permissions to be able to run it as apache.

    Comment by aleph — November 3, 2008 @ 2:49 pm

  2. Savitha Nair

    Hello Aleph,

    If you have installed BIND previously and it is running fine, you will have to run the “smbind configtest” [STEP 5 in this article]. Fire up a browser and view http://localhost.localdomain/src/configtest.php. This script will verify that your web server can read and write everywhere it needs to. If it encounters any permissions problems, read the error message carefully and investigate as instructed.

    This will help to check the permission issue and you can change the permission of required binaries.

    Comment by Savitha Nair — November 6, 2008 @ 12:28 am

  3. Luong

    Can I use SMBIND or WMBIND with BIND CHROOT?

    Comment by Luong — November 6, 2008 @ 7:18 am

  4. Savitha Nair

    Hello Luong,

    Yes. You can use smbind. In my article, examples are provided for both normal and chroot jailed BIND setups.

    Uncomment these lines in config.php
    ~~~~~~~~~~~~~~~~~~~~~~~~
    // Zone data paths (chroot).
    $_CONF['path'] = "/var/named/chroot/var/named/";
    $_CONF['conf'] = "/var/named/chroot/etc/smbind/smbind.conf";
    # Include this file in named.conf.
    ~~~~~~~~~~~~~~~~~~~~~~~~

    For this configuration, comment out the section “Zone data paths (normal)” in config.php in STEP 3.

    Comment by Savitha Nair — November 9, 2008 @ 10:43 pm

  5. Son

    How can I import zone data, which are not created by smbind into smbind?

    Comment by Son — November 12, 2008 @ 12:11 am

  6. Savitha Nair

    Hello,

    You can upload that to the zone data path. You can use rsync or scp to copy all zone data to /var/named/ or /var/named/chroot/var/named/.

    // Zone data paths (normal).
    $_CONF['path'] = "/var/named/";

    // Zone data paths (chroot).
    #$_CONF['path'] = "/var/named/chroot/var/named/";

    Regards,
    Savitha

    Comment by Savitha Nair — November 13, 2008 @ 6:01 am

  7. Luong

    Here are the steps I did to import (failed):

    1. Copy old zone data to the smbind zone path.
    2. The permission and owner are the same as a new zone created by smbind.
    3. Add zone info to smbind.conf.
    4. Restart the http server.

    I log in to smbind, but I cannot see the zone :(

    Another way: I created a zone and overwrote it with the old zone (imported zone), but smbind still shows the new zone.

    Last question: how do I import and re-use a zone not created by smbind?

    Comment by Luong — December 22, 2008 @ 4:12 am

  8. jack

    I got this error

    mysqldump smbind < smbind-mysql.sql
    bash: smbind-mysql.sql: No such file or directory

    Comment by jack — March 3, 2009 @ 7:33 am

  9. jack

    Now I got this error in configtest.php

    Testing config.php…OK
    Testing PEAR DB…OK
    Testing Smarty…OK
    Testing templates_c…OK
    Testing path…OK
    Testing conf directory…OK
    Testing conf file…OK
    Testing named-checkconf…OK
    Testing named-checkzone…OK
    Testing rndc…OK
    Testing (guess) /etc/rndc.conf…OK
    Testing (guess) /etc/rndc.key…OK
    Testing (guess) connection to localhost:953…OK
    Testing rndc execution…OK
    server is up and running
    Testing database connection…Database error: insufficient permissions

    Comment by jack — March 3, 2009 @ 8:19 am

  10. Norad

    Good article. smbind is useful only for simple management.

    Others who are looking for BIND management scripts can go here:
    Web interfaces for BIND management
    http://www.sysadmin.md/web-interfaces-for-bind-management.html

    and choose a script from that list that suits their needs.

    Comment by Norad — May 27, 2009 @ 11:13 am

  11. hereiswheremynamegoes

    So yeah, I got this smbind thing going. It makes the config files. It tests perfect except for the rndc.key, which it doesn’t seem to need with the rndc.conf and rndc connection. However, the config files fail to load because the path is put into the smbind.conf file wrong for each zone. I use a chrooted bind9, so bind thinks the directory is different than the one the smbind zone file is giving it. How do I change this?

    Any help would be greatly appreciated.

    Comment by hereiswheremynamegoes — May 29, 2009 @ 4:11 pm

  12. ex-bob

    Easy way to install,

    1) install ubuntu
    2) aptitude install smbind -y

    That's all

    Comment by ex-bob — September 10, 2009 @ 12:37 pm

  13. thanhtam

    Can I create smbind master / slave?

    Comment by thanhtam — October 13, 2009 @ 3:32 am

  14. thanhtam

    Can I create smbind master / slave?

    Comment by thanhtam — October 13, 2009 @ 3:33 am

  15. Nandakumar

    Hi,
    I am trying to set up smbind on CentOS 5.4 (i386 arch).
    This is a fresh configuration.

    I followed the instructions as given in the INSTALL file contained in smbind-0.4.7. I get the following error.
    Looks like I am missing something. Any help would be appreciated.

    http:///src/configtest.php

    smbind configtest

    This script will try to check some aspects of your smbind configuration and point you to errors where ever it can find them. You need to edit config.php and read the INSTALL file first before you run this script.

    Testing config.php…OK
    Testing PEAR DB…OK
    Testing Smarty…OK
    Testing templates_c…OK
    Testing path…OK
    Testing conf directory…OK
    Testing conf file…OK
    Testing named-checkconf…OK
    Testing named-checkzone…OK
    Testing rndc…OK
    Testing (guess) /etc/rndc.conf…OK
    Testing (guess) /etc/rndc.key…OK
    Testing (guess) connection to localhost:953…error. Could not connect to localhost:953: Connection refused(111)
    Either named isn’t running or rndc is configured on an alternate port.
    Testing rndc execution…Could not run rndc as apache. Please make sure that apache is a member of the group that runs named, and that all rndc config files and keys are readable by apache.

    output was: rndc: no server specified and no default

    [root@ ~]# /etc/init.d/named start
    Starting named:
    Error in named configuration:
    /etc/named.conf:127: open: /var/named/chroot/etc/smbind/smbind.conf: file not found
    [FAILED]
    [root@ ~]# ll /var/named/chroot/etc/smbind/smbind.conf
    -rwxrwxrwx 1 apache named 0 Feb 21 21:57 /var/named/chroot/etc/smbind/smbind.conf
    [root@ ~]#

    Comment by Nandakumar — February 22, 2010 @ 12:29 am
