Bobcares

Simple Management for BIND

by | Apr 22, 2007

Smbind is a PHP-based software tool for managing DNS zones for BIND via the web interface. This supports the per-user administration of zones, error checking, and a PEAR DB database backend.

 

Hire Bobcares Linux Server Administrators
Get super reliable servers and delighted customers

See how we do it!

 

1. INSTALLATION

Please download the smbind tar file from the download section using wget.

# wget http://jaist.dl.sourceforge.net/sourceforge/smbind/smbind-0.4.7.tar.gz
# tar -zxvf smbind-0.4.7.tar.gz
# cd smbind-0.4.7/

You will need to create a database, table structure, install and configure the PHP scripts, and modify your named.conf. You will need to adjust permissions on your system so that your web server user (www, apache, httpd, nobody, etc.) can read and write various files relating to BIND, such as rndc.

2. DATABASE

You will need to create a database, table structure and then copy the dump file smbind-mysql.sql to the respective database.

Create the smbind database.

[MySQL]         mysqladmin create smbind
[PG]            createdb smbind

Create the smbind tables.

[MySQL]         mysqldump smbind < smbind-mysql.sql
[PG]            psql -U dbuser -d smbind < smbind-pg.sql

3. WEB SERVER

Copy the contents of the php directory to a web server directory.

# cp -Rp php/* /usr/local/apache/htdocs

Secure the config file (private readable) and template_c (writable) directories. Your web server may not run as apache, it may run as www, httpd, nobody, or something entirely different.

# chown root.apache config.php template_c
# chmod 640 config.php
# chmod 775 template_c

Download the latest version of Smarty from http://smarty.php.net/. Untar the file, and copy the libs folder to the location specified in the smarty_path option in the config file config.php.

# mkdir /usr/share/smarty
# tar zxvf Smarty-2.6.1.tar.gz
# cp -R ./Smarty-2.6.1/libs/* /usr/share/smarty

Edit config.php, setting your database information and the locations of your named-checkconf, named-checkzone, and rndc binaries. smbind configuration examples are provided for both normal and chroot jailed BIND setups.

The typical config.php file with all necessary configurations will be as follows:

// Include paths.
$_CONF['smarty_path']   = "/usr/share/smarty";
$_CONF['peardb_path']   = "/usr/share/pear";

// Database DSN.
$_CONF['db_type']       = "mysql"; // mysql for MySQL, pgsql for PostgreSQL
$_CONF['db_user']       = "smbind";
$_CONF['db_pass']       = "newpass";
$_CONF['db_host']       = "localhost";
$_CONF['db_db']         = "smbind";

// Zone data paths (normal).
$_CONF['path']          = "/var/named/";
$_CONF['conf']          = "/etc/smbind/smbind.conf";
# Include this file in named.conf.

// Zone data paths (chroot).
#$_CONF['path']         = "/var/named/chroot/var/named/";
#$_CONF['conf']         = "/var/named/chroot/etc/smbind/smbind.conf";
# Include this file in named.conf.

// BIND utilities.
$_CONF['namedcheckconf'] = "/usr/sbin/named-checkconf";
$_CONF['namedcheckzone'] = "/usr/sbin/named-checkzone";
$_CONF['rndc']           = "/usr/sbin/rndc";

Provided is a configtest.php script that will test permissions on everything to ensure that your configuration will work. It will be located at http://localhost.localdomain/src/configtest.php

4. BIND

Add the user that runs your web server to the group that runs the BIND server. This will allow BIND to access it’s files, while also allowing your web server to update and manage them. The example below assumes that apache is running as “apache” and that BIND is running as “named”. Apache must then be restarted.

# usermod -G named apache
# /etc/rc.d/init.d/httpd restart

Create a directory for the smbind zone file.

# mkdir /etc/smbind
# chown root.named /etc/smbind
# chmod 775 /etc/smbind

Add an include to your named.conf, adding smbind.conf to named.conf.

 include "/etc/smbind/smbind.conf";

Modify the permissions on BIND’s zone file directory. Some distributions do not even allow named to write to its own zone directory.

# chmod 770 /var/named

5. TESTING OUT

Fire up a browser and view http://localhost.localdomain/src/configtest.php This script will verify that your web server can read and write every where it needs to. If it encounters any permissions problems, read the error message carefully and investigate as instructed. It is assumed that your BIND is running prior to this test.The typical configtest will output as follows:

smbind configtest

This script will try to check some aspects of your smbind configuration
 and point you to errors where ever it can find them. You need to edit
config.php and read the INSTALL file first before you run this script.

Testing config.php...OK
Testing PEAR DB...OK
Testing Smarty...OK
Testing templates_c...OK
Testing path...OK
Testing conf directory...OK
Testing conf file...OK
Testing named-checkconf...OK
Testing named-checkzone...OK
Testing rndc...OK
Testing (guess) /etc/rndc.conf...OK
Testing (guess) /etc/rndc.key...OK
Testing (guess) connection to localhost:953...OK
Testing rndc execution...OK
server is up and running
Testing database connection...mysql://smbind:newpass@localhost/smbind OK
Testing database SELECT from zones table...OK
Testing database SELECT from users table...OK
Testing database SELECT from records table...OK
Testing database INSERT into zones table...OK
Testing database INSERT into users table...OK
Testing database INSERT into records table...OK
Testing database UPDATE zones table...OK
Testing database UPDATE users table...OK
Testing database UPDATE records table...OK
Testing database DELETE FROM zones table...OK
Testing database DELETE FROM users table...OK
Testing database DELETE FROM records table...OK

Congratulations, your setup looks good. Please remember to add the
following line to your named.conf:
include "/etc/smbind/smbind.conf";

Web interface

Login to the web interface http://domainname/php/src/main.php
with the user 'admin' and password 'admin'.

Articles by Savitha

About the author:
Savitha Nair works as Sr. Software Engineer (Grade II) in Bobcares.com. Savitha has worked in Bobcares for 3 years and is a passionate advocate of secure linux server administration.


20 Comments

  1. aleph

    Thanks for this post. I’ve been looking for simple bind management script, and this one perfectly suits my needs.
    However there may be a problem with /usr/sbin/rndc binary, I had to modify it’s permissions to be able to run it as apache.

  2. Savitha Nair

    Hello Aleph,

    If you have installed bind previously and it is running fine, you will have to run the “smbind configtest” [ STEP 5 in this article]. Fire up a browser and view http://localhost.localdomain/src/configtest.php. This script will verify that your web server can read and write every where it needs to. If it encounters any permissions problems, read the error message carefully and investigate as instructed.

    This will help to check the permission issue and you can change the permission of required binaries.

  3. Luong

    Can I use SMBIND or WMBIND with BIND CHROOT?

  4. Savitha Nair

    Hello Luong,

    Yes. You can use smbind. In my article, examples are provided for both normal and chroot jailed BIND setups.

    Uncomment these lines in config.php
    ~~~~~~~~~~~~~~~~~~~~~~~~
    // Zone data paths (chroot).
    $_CONF[‘path’] = “/var/named/chroot/var/named/”;
    $_CONF[‘conf’] = “/var/named/chroot/etc/smbind/smbind.conf”;
    # Include this file in named.conf.
    ~~~~~~~~~~~~~~~~~~~~~~~~

    For this configuration, comment the section “Zone data paths (normal)” in config.php in STEP -3.

  5. Son

    How can I import zone data, which are not created by smbind into smbind?

  6. Savitha Nair

    Hello,

    You can upload that to Zone data paths . You can use rsync or scp to copy all zone data to /var/named/ for /var/named/chroot/var/named/.

    // Zone data paths (normal).
    $_CONF[‘path’] = “/var/named/”;

    // Zone data paths (chroot).
    #$_CONF[‘path’] = “/var/named/chroot/var/named/”;

    Regards,
    Savitha

  7. Luong

    Here are steps i do to import (failed):

    1. copy old zone data to smbind zone path,
    2. the permission, owner as new zone created by smbind.
    3.Add zone info to smbind.conf.
    4. Restart http server.

    Login to smbind, but i cannot see the zone 🙁

    Another ways, I create a zone and overwrite with old zone (imported zone), but smbind still show the new zone.

    Last question: How to import, re-use zone does not created by smbind?

  8. jack

    i got this error

    mysqldump smbind < smbind-mysql.sql
    bash: smbind-mysql.sql: No such file or directory

  9. jack

    now i got this error in configtest.php

    Testing config.php…OK
    Testing PEAR DB…OK
    Testing Smarty…OK
    Testing templates_c…OK
    Testing path…OK
    Testing conf directory…OK
    Testing conf file…OK
    Testing named-checkconf…OK
    Testing named-checkzone…OK
    Testing rndc…OK
    Testing (guess) /etc/rndc.conf…OK
    Testing (guess) /etc/rndc.key…OK
    Testing (guess) connection to localhost:953…OK
    Testing rndc execution…OK
    server is up and running
    Testing database connection…Database error: insufficient permissions

  10. hereiswheremynamegoes

    So yeah, I got this smbind thing going. It makes the config files. It tests perfect except for the rndc.key which it doesn’t seem to need with the rndc.conf and rndc connection. However, the config files fail to load cause the path is put into the smbind.conf file wrong for each zone. I use a chrooted bind9 so bind thinks the directory is different then the smbind zone file is giving it. How do I change this?

    Any help would be greatly appreciated.

  11. ex-bob

    Easy way to install,

    1) install ubuntu
    2) aptitude install smbind -y

    Thats all

  12. thanhtam

    i can create smbind master / slave ???

  13. thanhtam

    i can create smbind master / slave ??

  14. Nandakumar

    Hi,
    I am trying to setup smbind on CentOS5.4 i386-arch
    This is a fresh configuration

    I followed the instructions as said in the INSTALL file contained in smbind-0.4.7. I get the following error.
    Looks like I am missing something. Any help would be appeciated.

    http:///src/configtest.php

    smbind configtest

    This script will try to check some aspects of your smbind configuration and point you to errors where ever it can find them. You need to edit config.php and read the INSTALL file first before you run this script.

    Testing config.php…OK
    Testing PEAR DB…OK
    Testing Smarty…OK
    Testing templates_c…OK
    Testing path…OK
    Testing conf directory…OK
    Testing conf file…OK
    Testing named-checkconf…OK
    Testing named-checkzone…OK
    Testing rndc…OK
    Testing (guess) /etc/rndc.conf…OK
    Testing (guess) /etc/rndc.key…OK
    Testing (guess) connection to localhost:953…error. Could not connect to localhost:953: Connection refused(111)
    Either named isn’t running or rndc is configured on an alternate port.
    Testing rndc execution…Could not run rndc as apache. Please make sure that apache is a member of the group that runs named, and that all rndc config files and keys are readable by apache.

    output was: rndc: no server specified and no default

    [root@ ~]# /etc/init.d/named start
    Starting named:
    Error in named configuration:
    /etc/named.conf:127: open: /var/named/chroot/etc/smbind/smbind.conf: file not found
    [FAILED]
    [root@ ~]# ll /var/named/chroot/etc/smbind/smbind.conf
    -rwxrwxrwx 1 apache named 0 Feb 21 21:57 /var/named/chroot/etc/smbind/smbind.conf
    [root@ ~]#

  15. ferry

    Hi Savitha,

    here is our config:
    drwxrwxr-x 5 root named 4.0K Oct 27 22:40 named
    named:x:25:apache

    i think apache is protect other folder outside html.

    note:centos5.5, selinux disabled, apache and php default conf

  16. aravind

    Hi Friends,

    Any one got success on importing the old zone files to smbind?

    Regards,
    Aravind

  17. clau

    Hello,
    i get this message when i start named:
    Error in named configuration:
    /etc/named.conf:256: open: /etc/smbind/smbind.conf: file not found
    but it is…
    -rwxrwxrwx 1 root root 0 2011-02-23 13:04 smbind.conf
    thanks

  18. ahren

    why
    http error log says

    “PHP Fatal error: Class ‘Router’ not found in /var/www/html/web/index.php on line 49”

  19. sandor

    Hi ahren,

    For the “PHP Fatal error: Class ‘Router’ not found in /var/www/html/web/index.php on line 49″ error, try installing smarty version < 3.
    Don’t forget to set the right path in “config.php”

    Regards,

Never again lose customers to poor
server speed! Let us help you.