Tsunati University

GestioIP, PowerDNS, and AD/DNS Integration

I have installed Centos 8 Stream. VMware Tools are installed.

Repository in case you need it:

http://mirror.centos.org/centos/8-stream/BaseOS/x86_64/os/

Set static IP address:

  • Determine interface name by using “ip addr”.
  • Edit /etc/sysconfig/network-scripts/ifcfg-xxx (xxx = interface name)
    • I like to use nano. (Install by using “yum -y install nano”)
    • nano -w /etc/sysconfig/network-scripts/ifcfg-ens192
    • Set BOOTPROTO to “none”
    • Add the following lines:
      • IPADDR=x.x.x.x
      • PREFIX=24
      • GATEWAY=x.x.x.x
      • DNS1=x.x.x.x
    • Ctrl + O to save your changes
    • Ctrl + X to exit
  • Restart the network services or reboot the virtual machine.
    • nmcli connection down ens192 && sudo nmcli connection up ens192
  • At this point, it is suggested to SSH into the virtual machine using your favorite SSH utility such as Termius for Mac, or MobaXterm for the PC. This way you can copy/paste the commands below to make things simpler/faster.

(Snapshotting your VM along the way is your friend..)

  1. Update your packages and repository.
    • yum -y update
  2. Install the EPEL repository. Some required dependencies are not available in the default YUM repo.
    • yum -y install epel-release
  3. Update your packages and repository again, now that the EPEL repo has been added.
    • yum -y update
  4. GestioIP will need a web server, a MySQL database, and the SNMP packages.
    • yum -y install httpd mod_perl mariadb mariadb-server make gcc net-snmp net-snmp-utils wget checkpolicy policycoreutils-python-utils bind-utils
  5. Start the Apache Web Server, and enable it to autostart at boot.
    • systemctl start httpd && systemctl enable httpd
  6. Start the MariaDB Server, and enable it to autostart at boot.
    • systemctl start mariadb && systemctl enable mariadb
  7. Next, we will secure the MariaDB installation of MySQL.
    • mysql_secure_installation
      • Press enter, when prompted for current root password.
      • Press "Y", when prompted to set root password. Enter a new secure password, and press Enter. Enter the same new secure password again, and press Enter.
      • Press “Y” for the remaining prompts (Remove anonymous users, Disallow root login remotely, Remove test database and access to it, Reload privilege tables now).
  8. Change to the Opt directory
    • cd /opt
  9. Download the latest version of GestioIP.
  10. Extract the archive.
    • tar zxvf gestioip_3.5.tar.gz
  11. Switch to the newly created directory and install GestioIP.
    • cd /opt/gestioip_3.5
    • ./setup_gestioip.sh
    • Press “Y” when prompted to install GestioIP. (The install will take a few minutes…be patient.)
    • You will be asked for the default user that will be able to access GestioIP. It defaults to gipadmin. Type in “admin”, or your preferred admin username, then press Enter.
    • Enter the password you wish to use for the admin account, and press Enter.
    • Re-enter the password that you just entered, and press Enter.
    • Press “Y” when asked if you want to download the CMM plugin. Press Enter.
  12. Restart the webserver.
    • systemctl restart httpd
  13. Access GestioIP using your web browser. 
    • http://server/gestioip/install
    • Log in using the admin credential you created earlier with the password that you specified.
    • If you are having issues accessing the Web Interface, you may need to disable your firewall.
    • systemctl stop firewalld && systemctl disable firewalld
  14. Click "Next" to begin the installation.
  15. Enter a password for “MySQL super user password” and “MySQL user password” (twice). Then click “Send”.
  16. Once the Database creation is completed and successful, click “next page”.
  17. Enter the name of your site in the Sites box, and click “next page”
  18. Once the Configuration of Site, Host Category, Net Category is completed successfully, click “next page”.
  19. Copy the command displayed to delete the install directory, and paste it in your terminal. Then press “Enter”.
  20. The installation of GestioIP is now complete. This is a good time to snapshot your VM.
  21. Install PowerDNS.
    • yum -y install pdns pdns-backend-mysql
  22. Create a Mysql database for PowerDNS
    • mysql -u root -p (Enter your password when prompted and press “Enter”)
    • CREATE DATABASE pdns;
  23. Create a user for the pdns database (pdns_admin)
    • CREATE USER 'pdns_admin'@'localhost' IDENTIFIED BY 'new_pdns_admin_password';
    • GRANT ALL PRIVILEGES ON pdns.* TO 'pdns_admin'@'localhost';
    • FLUSH PRIVILEGES;
  24. Change to the newly created pdns database.
    • use pdns;
  25. Copy the following lines and paste them into the terminal in order to create the required tables.
    • CREATE TABLE domains (
        id INT AUTO_INCREMENT,
        name VARCHAR(255) NOT NULL,
        master VARCHAR(128) DEFAULT NULL,
        last_check INT DEFAULT NULL,
        type VARCHAR(6) NOT NULL,
        notified_serial INT DEFAULT NULL,
        account VARCHAR(40) DEFAULT NULL,
        PRIMARY KEY (id)
      ) Engine=InnoDB;
      CREATE UNIQUE INDEX name_index ON domains(name);
      CREATE TABLE records (
        id BIGINT AUTO_INCREMENT,
        domain_id INT DEFAULT NULL,
        name VARCHAR(255) DEFAULT NULL,
        type VARCHAR(10) DEFAULT NULL,
        content VARCHAR(64000) DEFAULT NULL,
        ttl INT DEFAULT NULL,
        prio INT DEFAULT NULL,
        change_date INT DEFAULT NULL,
        disabled TINYINT(1) DEFAULT 0,
        ordername VARCHAR(255) BINARY DEFAULT NULL,
        auth TINYINT(1) DEFAULT 1,
        PRIMARY KEY (id)
      ) Engine=InnoDB;
      CREATE INDEX nametype_index ON records(name,type);
      CREATE INDEX domain_id ON records(domain_id);
      CREATE INDEX recordorder ON records (domain_id, ordername);
      CREATE TABLE supermasters (
        ip VARCHAR(64) NOT NULL,
        nameserver VARCHAR(255) NOT NULL,
        account VARCHAR(40) NOT NULL,
        PRIMARY KEY (ip, nameserver)
      ) Engine=InnoDB;
      CREATE TABLE comments (
        id INT AUTO_INCREMENT,
        domain_id INT NOT NULL,
        name VARCHAR(255) NOT NULL,
        type VARCHAR(10) NOT NULL,
        modified_at INT NOT NULL,
        account VARCHAR(40) NOT NULL,
        comment VARCHAR(64000) NOT NULL,
        PRIMARY KEY (id)
      ) Engine=InnoDB;
      CREATE INDEX comments_domain_id_idx ON comments (domain_id);
      CREATE INDEX comments_name_type_idx ON comments (name, type);
      CREATE INDEX comments_order_idx ON comments (domain_id, modified_at);
      CREATE TABLE domainmetadata (
        id INT AUTO_INCREMENT,
        domain_id INT NOT NULL,
        kind VARCHAR(32),
        content TEXT,
        PRIMARY KEY (id)
      ) Engine=InnoDB;
      CREATE INDEX domainmetadata_idx ON domainmetadata (domain_id, kind);
      CREATE TABLE cryptokeys (
        id INT AUTO_INCREMENT,
        domain_id INT NOT NULL,
        flags INT NOT NULL,
        active BOOL,
        content TEXT,
        PRIMARY KEY (id)
      ) Engine=InnoDB;
      CREATE INDEX domainidindex ON cryptokeys(domain_id);
      CREATE TABLE tsigkeys (
        id INT AUTO_INCREMENT,
        name VARCHAR(255),
        algorithm VARCHAR(50),
        secret VARCHAR(255),
        PRIMARY KEY (id)
      ) Engine=InnoDB;
      CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);
  26. Exit from the Mysql database.
    • quit;
  27. Open the file “/etc/pdns/pdns.conf”
    • Delete the entire contents of the file.
    • Paste the lines below into the file.
    • Use the username and password that you created during the installation of the pdns MySQL database.
      • launch=gmysql
      • slave=yes
      • gmysql-host=127.0.0.1
      • gmysql-user=pdns_admin
      • gmysql-dbname=pdns
      • gmysql-password=new_pdns_admin_password
    • Save the file and exit.
  28. Restart the PowerDNS server
    • setenforce 0 (this puts SELinux into permissive mode only until the next reboot)
    • sudo service pdns restart
  29. The installation of PowerDNS is complete. Now is a good time to snapshot your virtual machine.
  30. Create a forward zone (slave zone)
    • pdnsutil create-slave-zone mydomain.net x.x.x.x
  31. Create a reverse zone (slave zone)
    • sudo pdnsutil create-slave-zone x.x.x.in-addr.arpa x.x.x.x
  32. Check if your zones were correctly created.
    • pdnsutil list-all-zones
  33. Synchronize PowerDNS and GestioIP. (Every 10 minutes)
    • crontab -e
    • Paste the following into the file. (Press “i” to insert)
      • */10 * * * * /usr/share/gestioip/bin/gip_pdns_sync.pl > /dev/null  2>&1
    • Save and Exit. (Press “Esc”, then type “:x!” and press Enter.)
  34. Configure the pdns database parameters
    • Open the file /usr/share/gestioip/etc/ip_update_gestioip.conf
    • Set the password for MYSQL GestioIP and MYSQL PowerDNS Configuration
    • Save and Exit.
  35. If you are going to use Microsoft DNS server as your master server:
    • Create an AD user named gip_dyn_update
    • Allow dynamic DNS updates (secure only)
    • Install the KERBEROS client tools
      • yum -y install krb5-workstation
  36. Open the file /etc/krb5.conf.
    • Delete all existing content
    • Paste the following.
      • [logging]
        kdc = FILE:/var/log/krb5/krb5kdc.log
        admin_server = FILE:/var/log/krb5/kadmind.log
        default = SYSLOG:NOTICE:DAEMON
        [libdefaults]
        default_realm = MYDOMAIN.LOCAL
        dns_lookup_realm = true
        dns_lookup_kdc = true
        ticket_lifetime = 24h
        renew_lifetime = 7d
        forwardable = true
        [realms]
        MYDOMAIN.LOCAL = {
        default_domain = mydomain.local
        kdc = pdc.mydomain.net
        admin_server = pdc.mydomain.net
        }
        [domain_realm]
        .mydomain.local = MYDOMAIN.LOCAL
    • Replace “MYDOMAIN.LOCAL” with your domain name (ALL CAPS)
    • Replace “pdc.mydomain.net” with your DNS server.
  37. Type “kinit <AD user you created earlier>” and press Enter.
    • Type in ad user password.
    • Type “klist” to get the ticket information.
  38. Enable DDNS Updates in GestioIP
    • From the GestioIP Web Interface, go to manage > manage GestióIP > set “Dynamic DNS update enabled” to “yes” > click “save”
  39. Create a DNS Update User.
    • manage > DNS update user > add User
    • Click “New” in the upper right-hand corner.
    • Enter Name, Password, and Realm
      • Name is the AD user only
      • Realm must be ALL CAPS
  40. Create a DNS Zone (perform this step twice, once for “A” and once for “PTR”)
    • manage > DNS zones > add zone
    • Click “New” in the upper right-hand corner.
    • Zone name must match the zone name in AD
    • For purpose, click “Updates GestioIP >DNS”
    • Type “A”
    • Server Type “GSS-TSIG”
    • DNS update user “select the user”
    • Add your AD/DNS server IP into the DNS Server field.
    • ttl = 2800
    • Click “add”.
  41. Add the custom columns “DNSZone” and “DNSPTRZone” to the registered network columns.
    • manage > custom columns > Insert predefined network column
    • Select “DNSZone” > click add
    • Select “DNSPTRZone” > click add
  42. Configuring networks for the dynamic DNS updates
    • Create your network.
    • Select DNSZone
    • Select DNSPTRZone
    • DNS update mode (update A and PTR records)
    • click add
  43. Test the working configuration, by creating a new entry in the GestioIP Web Interface.
    • Verify the entries have been created in both forward and reverse lookup zones in AD/DNS.
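To make the check in step 43 repeatable, here is an added script (not part of the original guide) that queries both the AD/DNS master and the PowerDNS slave for a host's A record and its matching PTR record using dig from bind-utils (installed in step 4). The server addresses and the host name are placeholders you replace; the reverse name is derived from the IP the same way as the in-addr.arpa zone in step 31.

```shell
#!/bin/sh
# Added example: verify that a host registered in GestioIP has a consistent
# A record and PTR record on the AD/DNS master and on the PowerDNS slave.
# MASTER_DNS is a placeholder; SLAVE_DNS is the PowerDNS instance on this VM.

MASTER_DNS="${MASTER_DNS:-x.x.x.x}"
SLAVE_DNS="${SLAVE_DNS:-127.0.0.1}"

# lookup <server> <type> <name> -> prints the answer data, one value per line
lookup() {
  dig +short "@$1" "$3" "$2"
}

# reverse_name <ipv4> -> the in-addr.arpa name for that address
# e.g. 192.168.10.5 -> 5.10.168.192.in-addr.arpa
reverse_name() {
  echo "$1" | awk -F. '{ printf "%s.%s.%s.%s.in-addr.arpa\n", $4, $3, $2, $1 }'
}

# check_host <server> <fqdn> <ipv4>
# Returns 0 when the A record points at <ipv4> and the PTR record for <ipv4>
# points back at <fqdn>; prints what differs and returns 1 otherwise.
check_host() {
  server=$1; fqdn=$2; ip=$3; ok=0
  a=$(lookup "$server" A "$fqdn")
  ptr=$(lookup "$server" PTR "$(reverse_name "$ip")")
  [ "$a" = "$ip" ] || { echo "[$server] A $fqdn: expected $ip, got '${a:-none}'"; ok=1; }
  # dig +short prints PTR targets with a trailing dot
  [ "$ptr" = "$fqdn." ] || { echo "[$server] PTR $ip: expected $fqdn., got '${ptr:-none}'"; ok=1; }
  return $ok
}

# check_both <fqdn> <ipv4>: the master must hold the records GestioIP pushed
# via GSS-TSIG, and the slave must have received them for its slave zones.
check_both() {
  check_host "$MASTER_DNS" "$1" "$2" && check_host "$SLAVE_DNS" "$1" "$2"
}

# Usage: ./check_ddns.sh host1.mydomain.net 192.168.10.5
if [ $# -eq 2 ]; then
  check_both "$1" "$2" && echo "OK: $1 <-> $2 present on master and slave"
fi
```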