2015-05-08

Installing SMBind using MySQL backend on Ubuntu 14.04

In Ubuntu 12.04, there was a package for web management of a BIND-based DNS server called SMBind. This package has not been ported forward to 14.04, so here's how I got this done.
Assumptions:
  • Using Apache as a web server is acceptable. Apache is one of the most ubiquitous HTTP servers on the planet, with plenty of documentation for how to fix stuff if it goes pear-shaped. If you want to use another web server, please check the documentation for that service.
  • There is no other service using HTTP on the machine being configured. On a private IP space, you have plenty of places to put stuff. With the plethora of options available for VM hosts, I recommend that you run one of those on your home server and host this in there. Proxmox has a very nice web-managed front end for its VM management console that works well and uses very little overhead.
  • Using MySQL as a database server is acceptable. MySQL is (as of this writing) still the default SQL server for Ubuntu.
  • A rudimentary knowledge of MySQL, Apache, and a basic knowledge of how to get common tasks done in Ubuntu. If you're setting this up, you either have these or want them anyway.
Grab and unarchive the package from SourceForge.
Install the following packages with your favorite package manager. I typically use apt from the command line directly.
php5 php5-mysqlnd php5-pear mysql-server bind9 smarty3

This will install a bunch of stuff for you, and, most importantly, ask you to set a password for the root user for mysql. Once you've done this, create a user and a database for SMBind to use. I typically do this from the console, but there are several tools you can use to get this done.

You'll need to install the Pear DB package. It balks that it's deprecated, but it's required for SMBind to work. I haven't tested to see if the replacement drops in or not.
sudo pear install DB

Inside the SMBind archive, there's a database that needs to be imported called 'smbind-mysql.sql'.
mysql -u smbind -p -D smbind < smbind-mysql.sql

Inside the SMBind archive, there is a folder that contains the PHP files that are used to get work done. Copy the entire folder into a sane location. The following puts it in /var/www/smbind, which is assumed for the rest of this article.
sudo cp -r ./php/ /var/www/smbind

Set up Apache to serve the code. The cleanest way to do this is to copy the default config to another file, modify the new file, disable the default config, and enable the smbind config.
sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/smbind.conf

Here's the file I'm using for this currently:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/smbind
ErrorLog ${APACHE_LOG_DIR}/smbind_error.log
CustomLog ${APACHE_LOG_DIR}/smbind_access.log combined
</VirtualHost>

Disable the default site and enable the smbind site:
sudo a2dissite 000-default.conf
sudo a2ensite smbind.conf

Restart apache:
sudo service apache2 restart

Edit the config file /var/www/smbind/config.php. Here's what I'm using currently, password redacted:
<?php
// Include paths.
$_CONF['smarty_path']   = "/usr/share/php/smarty3";
$_CONF['peardb_path']   = "/usr/share/php";

// Database DSN.
$_CONF['db_type']       = "mysql"; // mysql for MySQL, pgsql for PostgreSQL
$_CONF['db_user']       = "smbind";
$_CONF['db_pass']       = "not really my password";
$_CONF['db_host']       = "localhost";
$_CONF['db_db']         = "smbind";

// Zone data paths (normal).
$_CONF['path']          = "/etc/smbind/zones/";
$_CONF['conf']          = "/etc/smbind/smbind.conf"; # Include this file in named.conf.

// Zone data paths (chroot).
#$_CONF['path']         = "/var/named/chroot/var/named/";
#$_CONF['conf']         = "/var/named/chroot/etc/smbind/smbind.conf"; # Include this file in named.conf.

// BIND utilities.
$_CONF['namedcheckconf'] = "/usr/sbin/named-checkconf";
$_CONF['namedcheckzone'] = "/usr/sbin/named-checkzone";
$_CONF['rndc']           = "/usr/sbin/rndc";
?>

Set the permissions on the necessary files:
sudo chown www-data:www-data /var/www/smbind/templates_c/
sudo chown www-data:www-data /var/www/smbind/config.php

Create a place for smbind to house configuration files.
sudo mkdir -p /etc/smbind/zones/
sudo chown www-data:www-data /etc/smbind/zones/
sudo touch /etc/smbind/smbind.conf
sudo chown www-data:www-data /etc/smbind/smbind.conf

Add www-data to the bind group:
sudo usermod -a -G bind www-data

Alter the named AppArmor profile so that named can read the smbind configs. The file is /etc/apparmor.d/local/usr.sbin.named. Here's my current one:
# Site-specific additions and overrides for usr.sbin.named.
# For more details, please see /etc/apparmor.d/local/README.
/etc/smbind/smbind.conf rw,

Reload the apparmor profile
sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.named

Change the group of /etc/bind/rndc.key so that smbind, running as www-data, can read it.
sudo chgrp www-data /etc/bind/rndc.key

Link the rndc.key file into /etc. No configuration option exists for this in SMBind. I've opened a ticket to see if this can be moved to the config file so this step can be skipped.
sudo ln -s /etc/bind/rndc.key /etc
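
A quick check of the permissions set in the steps above, as an added example that is not part of the original post: the files holding secrets (config.php with the database password, and rndc.key, which /etc/rndc.key links to) should have no access for other users, and the files named loads should not be world-writable. The paths are the ones used in this guide; the policy and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original post. Paths come from this guide;
# the policy and the function names are assumptions of this example.

# Files holding secrets: the database password and the rndc control key.
SECRETS="/var/www/smbind/config.php /etc/bind/rndc.key"
# Files named loads: they must stay readable, but never world-writable.
NAMED_INPUT="/etc/smbind/smbind.conf /etc/smbind/zones"

# Octal permission bits of a path, following symlinks (GNU stat on Ubuntu).
mode_of() { stat -L -c '%a' "$1" 2>/dev/null; }

# True when none of the octal mask bits in $2 are set on path $1.
# A path that stat cannot read is treated as a finding.
bits_clear() {
    m=$(mode_of "$1") || return 1
    [ $(( 0$m & 0$2 )) -eq 0 ]
}

# Print one line per finding; the return status is the number of findings.
audit() {
    findings=0
    for f in $SECRETS; do
        bits_clear "$f" 007 || {
            echo "FINDING: $f is missing or accessible to all users"
            findings=$((findings + 1))
        }
    done
    for f in $NAMED_INPUT; do
        bits_clear "$f" 002 || {
            echo "FINDING: $f is missing or world-writable"
            findings=$((findings + 1))
        }
    done
    return "$findings"
}

# Run the audit only when asked to: sh audit.sh run
case "${1:-}" in
    run) audit; exit $? ;;
esac
```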

Alter /etc/bind/named.conf.local to have the smbind and rndc settings. Here's the one I'm currently using:
//
// Do any local configuration here
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
include "/etc/bind/rndc.key";
include "/etc/smbind/smbind.conf";

Restart bind
sudo service bind9 restart

Run the config test using your favorite web browser.
http://your.server.ip/src/configtest.php

If everything comes back clean, congratulations. You've succeeded.

A package for SMBind may show up at some point. If it does, use it. This configuration, while it does work functionally, is probably not ideal by any stretch. If I get super ambitious, I may set up a launchpad account and build out a package for this, assuming no one else is working on it.