Ubuntu:
Look for a file similar to:
# cd /etc/apparmor.d/
# vi usr.sbin.named/
Update AppArmor BIND profile adding the following lines:
#smbind
/etc/smbind/smbind.conf r,
/etc/smbind/zones/ rw,
/etc/smbind/zones/** rw,
Installation Steps:
Note:
Start w/ Ubuntu 12/14 LTS, w/minimal install and the SSH server.
Update System:
# sudo su -
# apt-get update
# apt-get upgrade
Install Apache:
# apt-get install apache2
# vi /etc/apache2/apache2.conf
Under the Global Configuration section, add a new line:
ServerName myserver.mydomain.com
(Save the file.)
Update the default filetype to be php instead of html.
# vi /etc/apache2/mods-enabled/dir.conf
(Move the index.php to the first value. Save the file.)
# apache2ctl configtest
(Syntax OK)
# systemctl restart apache2
# ufw app into "Apache Full"
(Assuming you see the profile with ports 80/443, enter...)
# ufw allow in "Apache Full"
Install MySQL Server:
# apt-get install mysql-server
(After a bit, enter the password for the mysql root user. Note what you entered. Wait a bunch more.)
# mysql_secure_installation
(Answer questions, I choose N for the password check, and Y for everything else.)
Install PHP:
# apt-get install php libapache2-mod-php php-mcrypt php-mysql
Install BIND:
# apt-get install bind9
Install SMBIND Dependencies:
# apt-get install php-pear php-db smarty3 dbconfig-common libphp-adodb
Install BIND:
# apt-get install bind9 bind9utils
To restrict BIND to IP4 only, edit the bind9.service file as follows:
# vi /etc/systemd/systemd/bind9.service
Append to the ExecStart line -4. e.g. ExecStart=/usr/sbin/named -f -u bind -4
(Save the file.)
# systemctl daemon-reload
# systemctl restart bind9
Install Pear Db in MySQL:
# pear install DB
# pear install pear/MDB2#mysql --nodeps
(Note: I haven't tested to see if the newer MDB2 works with SMBIND.)
Install SMBIND:
Download SMBIND from its SourceForge library.
(Use wget, or use a workstation and transfer via SSH, e.g. FileZilla.)
# cd /home/myadminid/tmp/
# tar -xzf smbind-0.x.x.x.tar.gz
# cd smbind-0.x.x.x.tar.gz
Copy the files:
# sudo cp -r ./php/ /var/www/smbind
# sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/smbind.conf
Update the Apache2:
# vi /etc/apache2/sites-available/smbind.conf
Updated the following lines:
DocumentRoot /var/www/smbind
ErrorLog ${APACHE_LOG_DIR}/smbind_error.log
CustomLog ${APACHE_LOG_DIR}/smbind_access.log combined
(Save the file.)
# a2dissite 000-default.conf
# a2ensite smbind.conf
# service apache2 reload
Set-up MySQL:
# mysql -u root -p
> CREATE USER 'smbind'@'localhost' IDENTIFIED BY '<password>';
> CREATE DATABASE smbind;
> GRANT ALL PRIVILEGES ON smbind.* to smbind@localhost;
> FLUSH PRIVILEGES;
>exit
Import the tables (still in the admin tmp's smbind folder):
# mysql -u smbind -p -D smbind < smbind-mysql.sql
Fix the permissions of the PHP files:
# cd /var/www/smbind/
# chown root.www-data config.php templates_c
# chmod 640 config.php
# chmod 775 template_c
# sudo chown www-data:www-data /var/www/smbind/templates_c/
Fix the permission of the rndc.key:
# chgrp www-data /etc/bind/rndc.key
Fix
Set-up location for SMBIND's zone files:
# mkdir -p /etc/smbind/zones/
# chown www-data:www-data /etc/smbind/zones/
# touch /etc/smbind/smbind.conf
# chown www-data:www-data /etc/smbind/smbind.conf
Edit the config.php file, customizing for your setup:
# vi config.php
(Check the paths, add the smbind password you entered, and save the file.)
<?php
// Include paths.
$_CONF['smarty_path'] = "/usr/share/php/smarty3";
$_CONF['peardb_path'] = "/usr/share/php";
// Database DSN.
$_CONF['db_type'] = "mysql"; // mysql for MySQL, pgsql for PostgreSQL
$_CONF['db_user'] = "smbind";
$_CONF['db_pass'] = "mysecurepassword";
$_CONF['db_host'] = "localhost";
$_CONF['db_db'] = "smbind";
// Zone data paths (normal).
$_CONF['path'] = "/etc/smbind/zones/";
$_CONF['conf'] = "/etc/smbind/smbind.conf"; # Include this file in named.conf.
// Zone data paths (chroot).
#$_CONF['path'] = "/var/named/chroot/var/named/";
#$_CONF['conf'] = "/var/named/chroot/etc/smbind/smbind.conf"; # Include this file in named.conf.
// BIND utilities.
$_CONF['namedcheckconf'] = "/usr/sbin/named-checkconf";
$_CONF['namedcheckzone'] = "/usr/sbin/named-checkzone";
$_CONF['rndc'] = "/usr/sbin/rndc";
?>
Add the www-data user to bind's user group:
# usermod -a -G bind www-data
Alter the Apparmor profile:
# vi /etc/apparmor.d/local/usr.sbin.named
Add the following line:
/etc/smbind/smbind.conf rw,
(Save the file.)
# apparmor_parser -r /etc/apparmor.d/usr.sbin.named
Update the BIND config to add SMBIND:
# vi /etc/bind/named.conf.local
Add the following two lines:
include "/etc/bind/rndc.key";
include "/etc/smbind/smbind.conf";
(Save the file.)
# service bind9 restart
Modification to Increase TXT Record Size:
A. Update the MySQL records Table:
# mysql -u root -p smbind
<pwd>
> show tables;
returns:
- options
- records
- users
- zones
> desc records;
displays the domain records committed
note that the destination column is varchar(255)
> select * from records LIMIT 15,20;
view partial list of 20, starting with row 15
> alter table records modify destination varchar(2048);
updates the default installation from 255 to 2048 characters
B. Update the commit.php src file:
# cd /var/www/html/src/
# cp commit.php commitbkup.php
# vi commit.php
... ( about 50 lines of code, look for the TXT elseif, update to below: ) ...
elseif($record[3] == "TXT") {
$destination = "";
foreach (str_split($record[5],255) as $subtxt) {
$destination = $destination . "\n\t\t\t\t\t\"" . $subtxt . "\"";
}
$destination = "(" . substr($destination,6) . ")";
}
C. Using SMBind, add two new TXT lines. One under 255 characters and one over 255 characters.
D. Verify w/dig:
$ dig @10.1.10.20 mindwatering.net txt
verify output.
previous page
|