5.8 KiB
SMBind-ng Installation Guide
v0.91c
Requirements
- Any kind of webserver with php usage abilities (tested on apache2, lighttpd, nginx)
- php interpreter (5.3 or greater - tested on 5.3)
- php modules
- one of mysql, pgsql
- mdb2
- mdb2 sql drivers (tested on mysql)
- cgi
- smarty (version 2 or newer - tested on v2 and v3)
- bind (9.3 or newer for dnssec abilities)
- dnssec-tools (optional for securing dns zones)
- acl (optional for securing dns zones)
- SQL server (tested on MySQL)
Installation
Bind
Set up your bind, and configure it to access other masters and enable zone transfer for its slaves.
SMBind-ng PHP code
Unpack contents to somewhere on your server (eg. /var/www/html/smbind-ng) and setup your virtual server to access by default the index.php.
Create the following directories beside the index.php and make it writable by
current webserver user:
tmp
templates_c
All other directories and files can be write protected.
Configuration directories and files
- Create a subdirectory with full permission to user of your webserver for
keeping your zones. You need to make it readable for bind. eg.
/etc/smbind-ng
Recommended solution: owner of directory let the root user and bind group, webserver user let the member of the bind group, and the directory let writable by owned group. - Create a file with same permissions in this directory for saving zone
definitions - eg.
touch smbind-ng.conf. - Create a subdirectory for keeping zone files with write permissions by www-data and bind group.
Modify bind configuration
On your bind options set this folder to use with directory option and
managed-keys option (folder created at the step 3 above).
Include the master configuration files into your bind config - what created at
the step 2.
Restart your bind daemon.
Under bind9.9 or later only
You need to add your options the
masterfile-format text;
line, because these versions keep the zone files as binary format, and you
couldn't preview the slave zones as human readable.
Restart your bind daemon
Database
Create a database user with full permission to access a non existing database
with any name.
Log in your database server with that user, and create an empty database.
Take the initial database dump, and load it to this schema with this newly
created user.
mysql.sql is for MySQL, pgsql.sql is for PostrgeSQL eg. for MySQL:
mysql -h yourserver -u youruser -pYourP@ssW0rd yourdb <mysql.sql
Setup the PHP app
See configuration parameters below
DNSSEC related options
Bind options
In your bind configuration set the following options:
dnssec-enable yes;
dnssec-validation auto;
dnssec-lookaside auto;
And then restart your bind daemon.
Roller daemon
Create a directory for keeping file of roller daemon, and add write permissions for the webserver user group. eg.
setfacl -b /etc/rollrecdir
setfacl -m 'www-data:rwx' /etc/rollrecdir
Set up this directory for roller daemon to use this directory for rolling zones. eg. in your /etc/default/rollerd file use similar option with this:
DAEMON_OPTS="-rrfile /etc/smbind-ng/rollrec/zones.rollrec"
And then reload your roller daemon.
Configuration parameters
The application has a config.php file in the config directory of the root of your SMBind-ng webapp directory.
Format: $_CONF['variablename'] = value;
Variables (mark bold for the required parameters):
db_type - Type of the database (eg. 'mysql')
db_user - Name of the owner of database schema (eg. 'smbind')
db_pass - Password of the user above
db_host - Resolvable name or IP address of the database host (default:
'localhost')
db_port - Port number of the database server (default: 3306 or 5432 depends on
db_type)
db_db - Name of the database schema
smarty_path - Place of the smarty installation
peardb_path - place of your PEAR db
tmp_path - Path of your tmp directory (default: install path/tmp)
roller_conf - Path of your roller daemon config (configured in DAEMON_OPTS).
Required for DNSSEC abilities.
isdnssec - enable or disable DNSSEC abilities (true/false)
recaptcha - enable or disable recaptcha at login screen (true/false)
rc_pubkey - Your public recaptha key (required for recaptcha)
rc_privkey - Your private recaptcha key (required for recaptcha)
nocaptcha - Array of your recaptcha whitelist. If you do not want to recaptcha
when you access the webapp from specified hosts, you need to set up their IP
addresses as followings:
array(
'1.2.3.4',
'2.3.4.5',
);
title - Title string at the top of your SMBind-ng screen (eg. 'My DNS zones')
footer - Footer string at the bottom of your SMBind-ng screen (eg. 'Company
Name')
staticdomain - If you want to access your static files (.css and .js) through
other virtual host, then you need to configure it in your webserver, and just
set it (eg. 'static.mydnsservice.local'). There are only two static files in
your SMBind-ng installation, so I think you don't really need this - but who
knows?
template - .css and .js name in static directory. The default values is
default
path - Where you store your zonefiles. Default: /etc/smbind-ng/zones/
conf - Your included config file. Default: /etc/smbind-ng/smbind-ng.conf
namedcheckconf - Place of your binary. Default if found: /usr/sbin/named-
checkconf
namedcheckzone - Place of your binary. Default if found: /usr/sbin/named-
checkzone
rndc - Place of your binary. Default if found: /usr/sbin/rndc
zonesigner - Place of your binary. Default if found: /usr/sbin/zonesigner
rollinit - Place of your binary. Default if found: /usr/sbin/rollinit
dig - Place of your binary. Default if found: /usr/bin/dig
Access your admin application
http(s)://your.virtualhost.here/path
Global admin username: admin
Initial password: SMBind-ng2016