Chroot-BIND8 HOWTO <author>Scott Wunsch, <tt>scott at wunsch.org</> <date>v1.4, 1 July 2001 <trans>ÃæÌîÉðÍº <tt>nakano at apm.seikei.ac.jp</> <tdate>v1.4j1, 3 January 2002 <abstract>  ¤³¤ÎÊ¸½ñ¤Ï BIND 8 ¤Î¥Í¡¼¥à¥µ¡¼¥Ð¤ò "chroot jail" ¤ÎÆâÉô¤Ç¡¢ Èó root ¥æ¡¼¥¶¤È¤·¤Æ¼Â¹Ô¤µ¤»¤ë¤è¤¦¤Ê ¥¤¥ó¥¹¥È¡¼¥ë¤Î¤ä¤êÊý¤òÀâÌÀ¤·¤Þ¤¹¡£ ¤³¤ì¤Ë¤è¤Ã¤Æ¥»¥¥å¥ê¥Æ¥£¤¬¶¯²½¤µ¤ì¡¢ ¤Þ¤¿¥»¥¥å¥ê¥Æ¥£¤¬ÇË¤é¤ì¤¿¤È¤¤â±Æ¶Á¤òºÇ¾®¸Â¤Ë¤Ç¤¤Þ¤¹¡£ ¤³¤Á¤é¤ÎÊ¸½ñ¤Ï¡¢ÀÎ¤Î (¤Ç¤â°ÍÁ³¤È¤·¤Æ¤è¤¯»È¤ï¤ì¤Æ¤¤¤ë) BIND 8 ¤òÂÐ¾Ý¤Ë¤·¤Æ¤¤¤Þ¤¹¡£ BIND 9 ¤ËÂÐ¤·¤ÆÆ±ÍÍ¤Î¾ðÊó¤òÄó¶¡¤¹¤ë¡¢ÊÌ¤ÎÊ¸½ñ¤â¤¢¤ê¤Þ¤¹¡£ </abstract>  <toc>   <sect>¤Ï¤¸¤á¤Ë  ¤³¤ÎÊ¸½ñ¤Ï Chroot-BIND8 HOWTO ¤Ç¤¹¡£ ºÇ¿·ÈÇ¤ÎÃÖ¤«¤ì¤Æ¤¤¤ë¥Þ¥¹¥¿¡¼¥µ¥¤¥È¤Ï <ref id="where" Name="Where?"> ¤ò¸«¤Æ¤¯¤À¤µ¤¤¡£ ÆÉ¼Ô¤Ï BIND (the Berkeley Internet Name Domain) ¤ÎÀßÄêÊýË¡¡¦ÍøÍÑÊýË¡¤ò ´û¤ËÃÎ¤Ã¤Æ¤¤¤ë¤È¤·¤ÆÏÃ¤ò¿Ê¤á¤Þ¤¹¡£ ÃÎ¤é¤Ê¤¤¿Í¤Ï¡¢¤Þ¤º DNS HOWTO ¤òÆÉ¤à¤ÈÎÉ¤¤¤Ç¤·¤ç¤¦¡£ ¤Þ¤¿¤ª»È¤¤¤Î UNIX ·Ï¥·¥¹¥Æ¥à¤Ë¤ª¤±¤ë¥³¥ó¥Ñ¥¤¥ë¡¦¥¤¥ó¥¹¥È¡¼¥ë¤Ë¤Ä¤¤¤Æ¤Ï¡¢ ÆÉ¼Ô¤Ï½¬½Ï¤·¤Æ¤¤¤ë¤â¤Î¤È¤·¤Þ¤¹¡£ <sect1>What?  ¤³¤ÎÊ¸½ñ¤Ï¡¢BIND ¤Î¥¤¥ó¥¹¥È¡¼¥ë»þ¤Ë¼è¤ë¤³¤È¤Î¤Ç¤¤ë¡¢ ÉÕ²ÃÅª¤Ê¥»¥¥å¥ê¥Æ¥£ÂÐºö¤Ë¤Ä¤¤¤ÆÀâÌÀ¤·¤Þ¤¹¡£ ¤Þ¤º¡¢BIND ¤ò ``chroot jail'' ¤ÎÆâÉô¤ÇÆ°ºî¤µ¤»¤ë¤è¤¦ ÀßÄê¤¹¤ëÊýË¡¤Ë¤Ä¤¤¤ÆÀâÌÀ¤·¤Þ¤¹¡£ ¤¹¤Ê¤ï¤Á¡¢BIND ¤ÏÊÄ¤¸¹þ¤á¤é¤ì¤¿¾®¤µ¤Ê¥Ç¥£¥ì¥¯¥È¥ê¥Ä¥ê¡¼¤Î ³°Éô¤Ë¤¢¤ë¥Õ¥¡¥¤¥ë¤ò¸«¤ë¤³¤È¤¬¤Ç¤¤Ê¤¯¤Ê¤ë¤Î¤Ç¤¹¡£ ¤Þ¤¿¡¢BIND ¤òÈó root ¥æ¡¼¥¶¤Ç¼Â¹Ô¤µ¤»¤ë¤è¤¦¤ÊÀßÄê¤â¹Ô¤¤¤Þ¤¹¡£  chroot ¤ÎÇØ¸å¤Ë¤¢¤ë¹Í¤¨Êý¤Ï¡¢¤È¤Æ¤âÃ±½ã¤Ç¤¹¡£ BIND (¤¢¤ë¤¤¤ÏÂ¾¤Î¥×¥í¥»¥¹) ¤ò chroot jail ¤ÎÆâÉô¤Ç¼Â¹Ô¤¹¤ë¤È¡¢ ¤½¤Î¥×¥í¥»¥¹¤Ï¥Õ¥¡¥¤¥ë¥·¥¹¥Æ¥à¤Î¤¦¤Á jail ¤ÎÆâÉô¤·¤«¸«¤ë¤³¤È¤¬¤Ç¤¤Ê¤¯¤Ê¤ë¤Î¤Ç¤¹¡£ Îã¤¨¤Ð¡¢¤³¤ÎÊ¸½ñ¤Ç¤Ï¡¢BIND ¤ò <tt>/chroot/named</> ¥Ç¥£¥ì¥¯¥È¥ê¤Ë chroot ¤·¤¿¾õÂÖ¤Ç¼Â¹Ô¤·¤Þ¤¹¡£ BIND ¤Ë¤È¤Ã¤Æ¤Ï¡¢¤³¤Î¥Ç¥£¥ì¥¯¥È¥ê¤ÎÃæ¿È¤¬ <tt>/</> ¤Î¤è¤¦¤Ë¸«¤¨¤ë¤Î¤Ç¤¹¡£ ¤³¤Î¥Ç¥£¥ì¥¯¥È¥ê¤Î³°Éô¤Ë¤Ï°ìÀÚ¥¢¥¯¥»¥¹¤Ç¤¤Þ¤»¤ó¡£ ¸ø³«¥·¥¹¥Æ¥à¤Ë ftp ¤·¤¿¤³¤È¤Î¤¢¤ë¿Í¤Ï¡¢ ¤ª¤½¤é¤¯´û¤Ë¤³¤Î chroot jail ¤Ë½Ð²ñ¤Ã¤¿¤³¤È¤¬¤¢¤ë¤È»×¤¤¤Þ¤¹¡£ <sect1>Why?  ¤Ê¤¼ BIND ¤ò chroot jail ¤ÎÆâÉô¤ÇÆ°ºî¤µ¤»¤ë¤ÈÎÉ¤¤¤Î¤Ç¤·¤ç¤¦¤«¡£ ¤½¤ì¤Ï¡¢²¾¤Ë°¤¤ÅÛ¤¬ BIND ¤Î·ê¤ò»È¤Ã¤Æ¥¢¥¯¥»¥¹¤òÆÀ¤¿¤È¤·¤Æ¤â¡¢ ¤½¤Î¥¢¥¯¥»¥¹¤Ç¤¤ëÈÏ°Ï¤òºÇ¾®¸Â¤ËÀ©¸Â¤Ç¤¤ë¤«¤é¤Ç¤¹¡£ BIND ¤òÈó root ¥æ¡¼¥¶¸¢¸Â¤ÇÆ°ºî¤µ¤»¤ë¤Î¤âÆ±¤¸ÍýÍ³¤«¤é¤Ç¤¹¡£  ¤³¤ì¤ÏÄÌ¾ï¸À¤ï¤ì¤Æ¤¤¤ë¥»¥¥å¥ê¥Æ¥£ÂÐºö (ºÇ¿·ÈÇ¤ò»È¤¦¡¢¥¢¥¯¥»¥¹À©¸Â¤ò¤¹¤ë¡¢¤Ê¤É) ¤Î¡¢ ¤¤¤ï¤Ð¡Ö¤ª¤Þ¤±¡×¤È¤ß¤Ê¤¹¤Ù¤¤Ç¡¢ ¤³¤ì¤òÂåÂØ¤¹¤ë¤â¤Î¤È¹Í¤¨¤Æ¤Ï¤¤¤±¤Þ¤»¤ó¡£  ÆÉ¼Ô¤¬ DNS ¤Î¥»¥¥å¥ê¥Æ¥£¤Ë¶½Ì£¤ò¤ª»ý¤Á¤Ê¤é¡¢ Â¾¤ÎÀ½ÉÊ¤òÄ´¤Ù¤Æ¤ß¤ë¤Î¤âÎÉ¤¤¤«¤â¤·¤ì¤Þ¤»¤ó¡£ BIND ¤ò <url url="http://www.immunix.org/products.html#stackguard" name="StackGuard"> ¤È¶¦¤Ë¹½ÃÛ¤¹¤ì¤Ð¡¢¤¤Ã¤È°ÂÁ´À¤ò¤è¤ê¸þ¾å¤µ¤»¤Æ¤¯¤ì¤ë¤Ç¤·¤ç¤¦¡£ »È¤¤Êý¤Ï´ÊÃ±¤Ç¤¹¡£ÉáÄÌ¤Î gcc ¤ÈÆ±¤¸¤Ç¤¹¡£ ¤Þ¤¿ Dan Bernstein ¤Î½ñ¤¤¤¿ <url url="http://cr.yp.to/dnscache.html" name="DNScache"> ¤Ï¡¢BIND ¤ÎÂå¤ï¤ê¤ËÍøÍÑ¤Ç¤¤ë°ÂÁ´¤Ê¥½¥Õ¥È¥¦¥§¥¢¤Ç¤¹¡£ ¡ÚÌõÃí: <url url="http://cr.yp.to/djbdns.html" name="djbdns"> ¤Ë²þÌ¾¤·¤¿¤è¤¦¤Ç¤¹¡Û Dan ¤Ï qmail ¤ÎÃø¼Ô¤Ç¤â¤¢¤ê¤Þ¤¹¡£ <sect1>Where?<label id="where">  ¤³¤ÎÊ¸½ñ¤ÎºÇ¿·ÈÇ¤Ï¡¢¾ï¤Ë Linux/Open Source Users of Regina, Sask. ¤Î web ¥µ¥¤¥È¤è¤êÆþ¼ê¤Ç¤¤Þ¤¹¡£ <url url="http://www.losurs.org/docs/howto/Chroot-BIND8.html"> ¤Ç¤¹¡£  ¸½ºß¤Ï¤³¤ÎÊ¸½ñ¤ÎÆüËÜ¸ìÈÇ¤â¤¢¤ê¡¢ ÃæÌîÉðÍº <tt>nakano at apm.seikei.ac.jp</> ¤¬´ÉÍý¤·¤Æ¤¤¤Þ¤¹¡£ ¤³¤ì¤Ï <url url="http://www.linux.or.jp/JF/JFdocs/Chroot-BIND8-HOWTO.html"> ¤«¤éÆþ¼ê¤Ç¤¤Þ¤¹¡£  BIND ¤Ï <url url="http://www.isc.org/" name="the Internet Software Consortium"> ¤Î <url url="http://www.isc.org/bind.html"> ¤«¤éÆþ¼ê¤Ç¤¤Þ¤¹¡£¤³¤ÎÊ¸½ñ¤Î¼¹É®»þÅÀ¤Ç¤ÎºÇ¿·ÈÇ¤Ï 8.2.4 ¤Ç¤¹¡£ BIND 9 ¤¬»È¤¨¤ë¤è¤¦¤Ë¤Ê¤Ã¤Æ¤«¤é¤À¤¤¤Ö¤¿¤Á¡¢ ¼ÂºÝ¤Î¶ÈÌ³¤Ë»È¤Ã¤Æ¤¤¤ë¿Í¤âÂ¿¤¤¤è¤¦¤Ç¤¹¡£ ¤³¤Á¤é¤Ç¤Ï chroot ¤Î½èÍý¤¬¤«¤Ê¤ê´ÊÃ±¤«¤Ä¸«ÄÌ¤·ÎÉ¤¯¤Ê¤Ã¤Æ¤¤¤Þ¤¹¤Î¤Ç¡¢ ¤½¤í¤½¤í¥¢¥Ã¥×¥°¥ì¡¼¥É¤ò¹Í¤¨¤Æ¤â¤¤¤¤¤«¤â¤·¤ì¤Þ¤»¤ó¡£ BIND 9 ¤ò»È¤Ã¤Æ¤¤¤ëÊý¤Ï¡¢ Chroot-BIND HOWTO ¤ò¤´Í÷¤Ë¤Ê¤Ã¤Æ¤¯¤À¤µ¤¤¡£ ¤³¤ÎÊ¸½ñ¤ÈÆ±¤¸¾ì½ê¤Ë¤¢¤ë¤Ï¤º¤Ç¤¹¡£  <bf>8.2.3</> ¤è¤êÁ°¤Î¤¹¤Ù¤Æ¤Î¥Ð¡¼¥¸¥ç¥ó¤Î BIND 8 ¤Ë¤Ï¡¢ <bf>´ûÃÎ¤Î</>¥»¥¥å¥ê¥Æ¥£¥Û¡¼¥ë¤¬¤¢¤ê¤Þ¤¹¡£ É¬¤ººÇ¿·ÈÇ¤ò»È¤¦¤è¤¦¤Ë¡¢µ¤¤ò¤Ä¤±¤Æ¤¯¤À¤µ¤¤! <sect1>How?  »ä¤Ï¤³¤ÎÊ¸½ñ¤ò¡¢ ¼«Ê¬¼«¿È¤Ç chroot ´Ä¶¤Ê BIND ¤ò¥»¥Ã¥È¥¢¥Ã¥×¤·¤¿·Ð¸³¤Ë´ð¤Å¤¤¤Æ½ñ¤¤Þ¤·¤¿¡£ »ä¤Î¾ì¹ç¤Ï¡¢´û¤Ë BIND ¤ò (¼«Ê¬¤Î Linux ¥Ç¥£¥¹¥È¥ê¥Ó¥å¡¼¥·¥ç¥ó¤Î) ¥Ñ¥Ã¥±¡¼¥¸·Á¼°¤Ç¥¤¥ó¥¹¥È¡¼¥ë¤·¤Æ¤¢¤ê¤Þ¤·¤¿¡£ ¤ª¤½¤é¤¯ÆÉ¼Ô¤Î¤Û¤È¤ó¤É¤âÆ±¤¸¤Ç¤·¤ç¤¦¡£ ¤Ç¤¹¤Î¤Ç¡¢¤³¤³¤Ç¤Ï´û¤Ë¥¤¥ó¥¹¥È¡¼¥ëºÑ¤ß¤Î BIND ¤«¤é ÀßÄê¥Õ¥¡¥¤¥ë¤ò°ÜÆ°¤·¤Æ½¤Àµ¤·¡¢¥Ñ¥Ã¥±¡¼¥¸¤Ïºï½ü¤·¤Æ¡¢ ¿·¤·¤¤¤Î¤ò¥¤¥ó¥¹¥È¡¼¥ë¤¹¤ë¤³¤È¤Ë¤·¤Þ¤¹¡£ ¤Ç¤â¤Þ¤À¥Ñ¥Ã¥±¡¼¥¸¤Ïºï½ü¤·¤Ê¤¤¤Ç¤¯¤À¤µ¤¤¤Í¡£ ¤Þ¤º¤½¤³¤«¤é¤¤¤¯¤Ä¤«¥Õ¥¡¥¤¥ë¤¬É¬Í×¤Ë¤Ê¤ê¤Þ¤¹¤«¤é¡£  ¤Þ¤À BIND ¤ò¥¤¥ó¥¹¥È¡¼¥ë¤·¤Æ¤¤¤Ê¤¤¿Í¤Ç¤â¡¢ ¤³¤ÎÊ¸½ñ¤ÎÊýË¡¤òÍøÍÑ¤¹¤ë¤³¤È¤Ï¤Ç¤¤Þ¤¹¡£ °ã¤¤¤Ï¡¢»ä¤¬´ûÂ¸¤Î¥Õ¥¡¥¤¥ë¤ò¥³¥Ô¡¼¤·¤Æ¤¯¤ë¤è¤¦»Ø¼¨¤·¤¿ÉôÊ¬¤Ç¡¢ ¤½¤Î¥Õ¥¡¥¤¥ë¤ò¥¼¥í¤«¤é½ñ¤µ¯¤³¤¹É¬Í×¤¬¤¢¤ë¡¢¤È¤¤¤¦¤À¤±¤Ç¤¹¡£ ¤³¤ÎºÝ¤Ë¤Ï DNS HOWTO ¤¬Ìò¤ËÎ©¤Ä¤Ç¤·¤ç¤¦¡£  <sect1>¤ª¤³¤È¤ï¤ê  ¤³¤ì¤é¤Îµ½Ò¤Ï»ä¤Î¥·¥¹¥Æ¥à¤Ç¤ÏÆ°ºî¤·¤Þ¤·¤¿¡£ ¤·¤«¤·ÆÉ¼Ô¤Î¤È¤³¤í¤Ç¤Î·ë²Ì¤Ï°Û¤Ê¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¡£ ¤³¤ì¤Ï 1 ¤Ä¤Î¥¢¥×¥í¡¼¥Á¤Ë²á¤®¤º¡¢ Æ±ÍÍ¤ÎÀßÄê¤ò¹Ô¤¦¤Ë¤Ï¤¤¤í¤¤¤í¤ÊÊýË¡¤¬Í¤êÆÀ¤Þ¤¹ (°ìÈÌÅª¤Ê¥¢¥×¥í¡¼¥Á¤Ï¤À¤¤¤¿¤¤Æ±¤¸¤Ë¤Ê¤ë¤Ç¤·¤ç¤¦¤¬)¡£ ¤³¤ì¤Ï¡¢»ä¤¬»î¤ß¤¿Ãæ¤ÇºÇ½é¤ËÆ°ºî¤·¤¿¤ä¤êÊý¤À¤Ã¤¿¤Î¤Ç¡¢ ¤³¤³¤Ë½ñ¤µ¤·¤¿¤Ë¤¹¤®¤Þ¤»¤ó¡£  »ä¤Î¸½ºß¤Þ¤Ç¤Ë»ê¤ë BIND ¤Î·Ð¸³¤Ç¤Ï¡¢ Linux ¥µ¡¼¥Ð¤Ë¤·¤«¥¤¥ó¥¹¥È¡¼¥ë¤ò¹Ô¤Ã¤Æ¤¤¤Þ¤»¤ó¡£ ¤·¤«¤·¡¢¤³¤ÎÊ¸½ñ¤ÎÀâÌÀ¤ÎÂçÈ¾¤Ï¡¢ Â¾¤Î¼ïÎà¤Î UNIX ¤Ë¤âÍÆ°×¤ËÅ¬ÍÑ¤Ç¤¤ë¤Ï¤º¤Ç¤¹¡£ »ä¤Îµ¤ÉÕ¤¤¤¿°ã¤¤¤Ë¤Ä¤¤¤Æ¤Ï¡¢ ¤Ç¤¤ë¤À¤±µ½Ò¤¹¤ë¤Ä¤â¤ê¤Ç¤¹¡£  <sect>jail ¤ÎÍÑ°Õ  <sect1>¥æ¡¼¥¶¤ÎºîÀ®  ¡Ö¤Ï¤¸¤á¤Ë¡×¤Ç½Ò¤Ù¤¿¤è¤¦¤Ë¡¢ BIND ¤ò root ¸¢¸Â¤Ç¼Â¹Ô¤¹¤ë¤Î¤Ï¤¢¤Þ¤êÎÉ¤¤¹Í¤¨¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£ ½¾¤Ã¤Æ¡¢¤Þ¤ººÇ½é¤Ë BIND ÀìÍÑ¤Î¥æ¡¼¥¶¤òºî¤ê¤Þ¤·¤ç¤¦¡£ ¤³¤ÎÌÜÅª¤Ë¡¢<tt>nobody</> ¤Î¤è¤¦¤Ê´ûÂ¸¤Î°ìÈÌ¸þ¤±¥æ¡¼¥¶¤Ï¡¢ ·è¤·¤Æ»È¤¦¤Ù¤¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£ ¤·¤«¤·¡¢SuSE ¤ä Linux Mandrake ¤Ê¤É¡¢ ºÇ½é¤«¤é¤³¤Î¤¿¤á¤Î¥æ¡¼¥¶ (ÉáÄÌ <tt>named</> ¤È¤¤¤¦Ì¾Á°) ¤òÍÑ°Õ¤·¤Æ¤¤¤ë¥Ç¥£¥¹¥È¥ê¥Ó¥å¡¼¥·¥ç¥ó¤â¤¢¤ë¤Î¤Ç¡¢ ¤½¤Î¾ì¹ç¤Ï¤ªË¾¤ß¤Ê¤é¤³¤Î¥æ¡¼¥¶¤òÍÑ¤¤¤Æ¤â¹½¤¤¤Þ¤»¤ó¡£  ¤µ¤Æ¡¢¥æ¡¼¥¶¤òÄÉ²Ã¤¹¤ë¤Ë¤Ï¡¢¼¡¤Î¤è¤¦¤Ê¹Ô¤ò <tt>/etc/passwd</> ¤Ë²Ã¤¨¤Þ¤¹¡£ <tscreen><verb> named:x:200:200:Nameserver:/chroot/named:/bin/false </verb></tscreen>  ¤½¤·¤Æ¼¡¤Î¹Ô¤ò <tt>/etc/group</> ¤Ë²Ã¤¨¤Þ¤¹¡£ <tscreen><verb> named:x:200: </verb></tscreen>  ¤³¤ì¤Ç BIND ÍÑ¤Î <tt>named</> ¤È¤¤¤¦¥æ¡¼¥¶¤È¥°¥ë¡¼¥×¤¬¤Ç¤¤Þ¤·¤¿¡£ UID ¤È GID (¤³¤ÎÎã¤Ç¤ÏÎ¾Êý¤È¤â 200) ¤¬¡¢ ¤ª»È¤¤¤Î¥·¥¹¥Æ¥à¤ÇÂ¾¤È½Å¤Ê¤Ã¤Æ¤¤¤Ê¤¤¤è¤¦¤ËÃí°Õ¤·¤Þ¤·¤ç¤¦¡£ ¤³¤Î¥æ¡¼¥¶¤Ï¥í¥°¥¤¥ó¤¹¤ëÉ¬Í×¤¬¤Ê¤¤¤Î¤Ç¡¢ ¥·¥§¥ë¤Ï <tt>/bin/false</> ¤Ë¤·¤Æ¤¢¤ê¤Þ¤¹¡£  <sect1>¥Ç¥£¥ì¥¯¥È¥ê¹½Â¤  ¼¡¤Ë¡¢chroot jail ¤Ë»ÈÍÑ¤¹¤ë¥Ç¥£¥ì¥¯¥È¥ê¹½Â¤¤òºî¤Ã¤Æ¤¢¤²¤ëÉ¬Í×¤¬¤¢¤ê¤Þ¤¹¡£ ¤³¤³¤¬ BIND ¤ÎÀ¸³è¤Î¾ì¤È¤Ê¤ë¤ï¤±¤Ç¤¹¡£ ¤³¤ì¤Ï¥Õ¥¡¥¤¥ë¥·¥¹¥Æ¥à¤Î¤É¤³¤Ç¤â¹½¤¤¤Þ¤»¤ó¡£ Èó¾ï¤Ë¿À·Ð¼Á¤Ê¿Í¤Ï¡¢ÆÈÎ©¤·¤¿¥Ü¥ê¥å¡¼¥à (¥Ñ¡¼¥Æ¥£¥·¥ç¥ó) ¤ËÃÖ¤¤¿¤¤¤È¤µ¤¨»×¤¦¤«¤â¤·¤ì¤Þ¤»¤ó¤Í¡£ ¤³¤³¤Ç¤Ï <tt>/chroot/named</> ¤ò»È¤¤¤Þ¤¹¡£ ¤Þ¤º°Ê²¼¤Î¤è¤¦¤Ê¥Ç¥£¥ì¥¯¥È¥ê¹½Â¤¤òºî¤Ã¤Æ¤¯¤À¤µ¤¤¡£ <tscreen><verb> /chroot +-- named +-- bin +-- dev +-- etc | +-- namedb +-- lib +-- var +-- run </verb></tscreen> ¡ÚÌõÃí: Debian ¥æ¡¼¥¶¤Ç¥Ð¥¤¥Ê¥ê¤ÎºÆ¥³¥ó¥Ñ¥¤¥ë¤ò¹Ô¤¤¤¿¤¯¤Ê¤¤¿Í (¸å½Ò) ¤Ï¡¢ <tt>/chroot/named/etc/namedb</> ¤ò <tt>/chroot/named/etc/bind</> ¤È¤·¤Þ¤·¤ç¤¦¡Û  <sect1>BIND ¤Î¥Ç¡¼¥¿¤òÇÛÃÖ¤¹¤ë  ´û¤ËÄÌ¾ï¤Î¤«¤¿¤Á¤Ç BIND ¤¬¥¤¥ó¥¹¥È¡¼¥ë¤Ç¤¤Æ¤¤¤Æ¡¢ ¤³¤ì¤òÍøÍÑ¤·¤Æ¤¤¤ë¤Ê¤é¡¢ <tt>named.conf</> ¥Õ¥¡¥¤¥ë¤È¥¾¡¼¥ó¥Õ¥¡¥¤¥ë¤¬¤¢¤ë¤Ï¤º¤Ç¤¹¡£ ¤³¤ì¤é¤Î¥Õ¥¡¥¤¥ë¤Ï chroot jail ¤ÎÃæ¤Ë°ÜÆ° (¤¢¤ë¤¤¤Ï°ÂÁ´¤Ë¤ä¤ë¤Ê¤é¥³¥Ô¡¼) ¤·¤Æ¡¢BIND ¤«¤é¸«¤¨¤ë¤è¤¦¤Ë¤·¤Æ¤ä¤ëÉ¬Í×¤¬¤¢¤ê¤Þ¤¹¡£ <tt/named.conf/ ¤Ï <tt>/chroot/named/etc</> ¤Ø¡¢ ¥¾¡¼¥ó¥Õ¥¡¥¤¥ë¤Ï <tt>/chroot/named/etc/namedb</> ¤Ø°ÜÆ°¤·¤Þ¤¹¡£ Îã¤¨¤Ð: <tscreen><verb> # cp -p /etc/named.conf /chroot/named/etc/ # cp -a /var/named/* /chroot/named/etc/namedb/ </verb></tscreen> ¡ÚÌõÃí: Debian ¤Î¾ì¹ç¤Ï named.conf ¤Î¾ì½ê¤Ï <tt>/chroot/named/etc/bind</> ¤Ë¤Ê¤ê¤Þ¤¹¡£ ¥¾¡¼¥ó¥Õ¥¡¥¤¥ë¤ÎÃÖ¤¾ì½ê¤Ï <tt/named.conf/ Ãæ¤Îµ½Ò¤Ë°ÍÂ¸¤¹¤ë¤Î¤Ç¤¹¤¬¡¢ ÄÌ¾ï¤Ï <tt/named.conf/ ¤ÈÆ±¤¸¥Ç¥£¥ì¥¯¥È¥ê¤Ë¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£¡Û  BIND ¤Ï¤ª¤½¤é¤¯ <tt/namedb/ ¥Ç¥£¥ì¥¯¥È¥ê¤È¡¢ ¤½¤³¤ËÃÖ¤«¤ì¤¿¥Õ¥¡¥¤¥ë (¤Î°ìÉô) ¤ËÂÐ¤¹¤ë½ñ¤¤³¤ß¸¢¸Â¤òÉ¬Í×¤È¤·¤Þ¤¹¡£ Îã¤¨¤Ð¡¢¤ª»È¤¤¤Î DNS ¤¬¤¢¤ë¥¾¡¼¥ó¤ò¥¹¥ì¡¼¥Ö¤Ç¥µ¡¼¥Ó¥¹¤¹¤ë¤Ê¤é¡¢ BIND ¤Ï¤½¤Î¥¾¡¼¥ó¥Õ¥¡¥¤¥ë¤ò¹¹¿·¤Ç¤¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¡£ ¤Þ¤¿ BIND ¤ÏÅý·×¾ðÊó¤ò¥À¥ó¥×¤Ç¤¤Þ¤¹¤Î¤Ç¡¢ ¤½¤ì¤â¤³¤Î¥Ç¥£¥ì¥¯¥È¥ê¤Ë½ñ¤±¤ë¤è¤¦¤Ë¤·¤Æ¤ä¤ëÉ¬Í×¤¬¤¢¤ê¤Þ¤¹¡£ ¤³¤ì¤é¤ÎÍýÍ³¤«¤é¡¢¤³¤Î¥Ç¥£¥ì¥¯¥È¥ê (¤È¤½¤ÎÃæ¿È) ¤Î ½êÍ¼Ô¤Ï <tt/named/ ¥æ¡¼¥¶¤Ë¤·¤Æ¤ª¤¯¤Ù¤¤Ç¤·¤ç¤¦¡£ <tscreen><verb> # chown -R named:named /chroot/named/etc/namedb </verb></tscreen> ¡ÚÌõÃí:<label id="trans_named.conf"> ¶ñÂÎÅª¤Ë¤Ï¡¢<tt/named.conf/ ¤Î &dquot;options&dquot; Àë¸ÀÃæ¤Î directory Ê¸¤¬¡¢ ¤³¤ì¤é¤Î½ñ¤¤³¤ß¤¬¹Ô¤ï¤ì¤ë¥Ç¥£¥ì¥¯¥È¥ê¤Ë¤Ê¤ê¤Þ¤¹¡£ ¤³¤ì¤Ï¥¾¡¼¥ó¥Õ¥¡¥¤¥ë¤Î¥Ñ¥¹»ØÄê¤Î¥Ù¡¼¥¹¥Ç¥£¥ì¥¯¥È¥ê¤Ç¤â¤¢¤ê¤Þ¤¹¡£ Debian ¤ÎÎ®µ·¤Ç¤¹¤È¡¢ ¤³¤Î directory ¤Ï <tt>/var/cache/named</> ¤Ë¤Ê¤Ã¤Æ¤ª¤ê¡¢ ³Æ¥¾¡¼¥ó¥Õ¥¡¥¤¥ë¤Ï¥Õ¥ë¥Ñ¥¹¤Ç»ØÄê¤¹¤ë¤«¤¿¤Á¤Ë¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£ ¤³¤Î¾ì¹ç¤Ï <tscreen><verb> # mkdir -p /chroot/named/var/cache/namedb # chown -R named:named /chroot/named/var/cache/namedb </verb></tscreen> ¤Ê¤É¤È¤¹¤ë¤³¤È¤Ë¤Ê¤ë¤Ç¤·¤ç¤¦¡£¡Û  BIND ¤Ï <tt>/var/run</> ¥Ç¥£¥ì¥¯¥È¥ê¤Ë¤â½ñ¤¤³¤ß¸¢¸Â¤òÉ¬Í×¤È¤·¤Þ¤¹¡£ pid ¥Õ¥¡¥¤¥ë¤È ndc ¥½¥±¥Ã¥È¤ò¤³¤³¤Ëºî¤ë¤«¤é¤Ç¤¹¡£ ¼¡¤Î¥³¥Þ¥ó¥É¤Ç¤³¤ì¤ò²ÄÇ½¤Ë¤·¤Æ¤ä¤ê¤Þ¤·¤ç¤¦¡£ <tscreen><verb> # chown named:named /chroot/named/var/run </verb></tscreen>  <sect1>¥·¥¹¥Æ¥à¤Î¥µ¥Ý¡¼¥È¥Õ¥¡¥¤¥ë  BIND ¤¬ chroot jail ÆâÉô¤Ç¤Î¼Â¹Ô¤ò»Ï¤á¤ë¤È¡¢ jail ³°Éô¤Î¥Õ¥¡¥¤¥ë¤Ø¤Ï<bf>°ìÀÚ</>¥¢¥¯¥»¥¹¤Ç¤¤Ê¤¯¤Ê¤ê¤Þ¤¹¡£ ¤·¤«¤·¡¢¥·¥¹¥Æ¥à¤Î C ¥é¥¤¥Ö¥é¥ê¤Ê¤É¡¢ ¤¤¤¯¤Ä¤«¤Î½ÅÍ×¤Ê¥Õ¥¡¥¤¥ë¤Ë¤Ï¼Â¹Ô¸å¤â¥¢¥¯¥»¥¹¤Ç¤¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¡£ ¼ÂºÝ¤Ë¤É¤Î¥é¥¤¥Ö¥é¥ê¤¬É¬Í×¤Ë¤Ê¤ë¤«¤Ï¡¢¤ª»È¤¤¤Î UNIX OS ¤Ë°ÍÂ¸¤·¤Þ¤¹¡£ ºÇ¿·¤Î Linux ¥·¥¹¥Æ¥à¤Ê¤é¡¢ °Ê²¼¤Î¥³¥Þ¥ó¥É¤òÍøÍÑ¤¹¤ì¤ÐÉ¬Í×¤Ê¥Õ¥¡¥¤¥ë¤ò Å¬ÀÚ¤Ê¾ì½ê¤Ë¤Á¤ã¤ó¤ÈÇÛÃÖ¤·¤Æ¤¯¤ë¤Ï¤º¤Ç¤¹¡£ <tscreen><verb> # cd /chroot/named/lib # cp -p /lib/libc-2.*.so . # ln -s libc-2.*.so libc.so.6 # cp -p /lib/ld-2.*.so . # ln -s ld-2.*.so ld-linux.so.2 </verb></tscreen>  ¤³¤¦¤¹¤ëÂå¤ï¤ê¤Ë¡¢BIND ¤Î¥Ð¥¤¥Ê¥ê¤òÀÅÅª¤Ë¥ê¥ó¥¯¤·¤Æ¥Ó¥ë¥É¤·¡¢ ¤³¤ì¤ò chroot jail °Ê²¼¤ËÃÖ¤¤¤ÆÍøÍÑ¤¹¤ë¤³¤È¤â²ÄÇ½¤Ç¤¹¡£ <tt>ldconfig</> ¤â jail ¤ÎÆâÉô¤Ë¥³¥Ô¡¼¤·¤Æ¼Â¹Ô¤·¡¢ jail ´Ä¶ÍÑ¤Î <tt>etc/ld.so.cache</> ¤òºî¤ê¤Þ¤·¤ç¤¦¡£ ¼¡¤Î¥³¥Þ¥ó¥É¤¬¤³¤ì¤ò¹Ô¤¤¤Þ¤¹: <tscreen><verb> # cp /sbin/ldconfig /chroot/named/bin/ # chroot /chroot/named /bin/ldconfig -v </verb></tscreen>  BIND ¤Ï¤â¤¦°ì¤Ä¥Õ¥¡¥¤¥ë¤ò jail ¤ÎÆâÉô¤ËÉ¬Í×¤È¤·¤Þ¤¹¡£ ¤¤¤Ä¤â¤Î <tt>/dev/null</> ¤Ç¤¹¡£ ¤³¤³¤Ç¤â¡¢¤³¤Î¥Ç¥Ð¥¤¥¹¥Î¡¼¥É¤òºî¤ë¤¿¤á¤ËÉ¬Í×¤Ê¥³¥Þ¥ó¥É¤Ï ¥·¥¹¥Æ¥à¤Ë¤è¤Ã¤Æ°Û¤Ê¤ë¤Ç¤·¤ç¤¦¡£ <tt>/dev/MAKEDEV</> ¥¹¥¯¥ê¥×¥È¤òÄ´¤Ù¤Æ³ÎÇ§¤·¤Æ¤¯¤À¤µ¤¤¡£ ¥·¥¹¥Æ¥à¤Ë¤è¤Ã¤Æ¤Ï <tt>/dev/zero</> ¤¬É¬Í×¤Ê¤³¤È¤â¤¢¤ê¤Þ¤¹¡£ ¤Û¤È¤ó¤É¤Î Linux ¥·¥¹¥Æ¥à¤Ç¤Ï¡¢°Ê²¼¤Î¥³¥Þ¥ó¥É¤¬»È¤¨¤Þ¤¹¡£ <tscreen><verb> # mknod /chroot/named/dev/null c 1 3 </verb></tscreen> ¡ÚÌõÃí <tscreen><verb> # chmod go+w /chroot/named/dev/null </verb></tscreen> ¤âÉ¬Í×¤À¤È»×¤¤¤Þ¤¹¡£¡Û  ºÇ¸å¤Ë¡¢¤µ¤é¤Ë¥Õ¥¡¥¤¥ë¤ò 2¡Á3¡¢jail ÆâÉô¤Î <tt>/etc</> ¥Ç¥£¥ì¥¯¥È¥ê¤Ë »ý¤Ã¤Æ¤¯¤ëÉ¬Í×¤¬¤¢¤ê¤Þ¤¹¡£ ÆÃ¤Ë <tt>/etc/localtime</> (¥·¥¹¥Æ¥à¤Ë¤è¤Ã¤Æ¤Ï <tt>/usr/lib/zoneinfo/localtime</> ¤«¤â¤·¤ì¤Þ¤»¤ó) ¤¬¡¢ BIND ¤ËÀµ¤·¤¤»þ¹ï¤Ç¥í¥°µÏ¿¤ò¤µ¤»¤ë¤Ë¤ÏÉ¬Í×¤Ç¤¹¡£ ¤Þ¤¿ <tt>named</> ¥°¥ë¡¼¥×¤Î´Þ¤Þ¤ì¤ë´ÊÃ±¤Ê <tt>group</> ¥Õ¥¡¥¤¥ë¤âºîÀ®¤¹¤ëÉ¬Í×¤¬¤¢¤ê¤Þ¤¹¡£ °Ê²¼¤Î¥³¥Þ¥ó¥É¤¬¤³¤ì¤é¤ÎÌÌÅÝ¤ò¸«¤Æ¤¯¤ì¤Þ¤¹¡£ <tscreen><verb> # cp /etc/localtime /chroot/named/etc/ # echo 'named:x:200:' > /chroot/named/etc/group </verb></tscreen>  GID (¤³¤ÎÎã¤Ç¤Ï 200) ¤Ë¤´ÃíÌÜ¡£ Àè¤ËËÜÅö¤Î <tt>/etc/group</> ¤ÇÄêµÁ¤·¤¿¤â¤Î¤ÈÆ±¤¸¤Ë¤·¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¡£  <sect1>¥í¥°µÏ¿<label id="logging">  ËÜÊª¤Î¼ü¿Í¤È¤Ï°Û¤Ê¤ê¡¢BIND ¤Ï¥í¥°µÏ¿¤òÊÉ¤Ë½ñ¤¯¤³¤È¤Ï¤Ç¤¤Þ¤»¤ó :-)¡£ ÄÌ¾ï BIND ¤Ï¥í¥°¤ò¡¢¥·¥¹¥Æ¥à¤Î¥í¥®¥ó¥°¥Ç¡¼¥â¥ó¤Ç¤¢¤ë <tt/syslogd/ ·ÐÍ³¤ÇµÏ¿¤·¤Þ¤¹¡£ ¤³¤Î¥¿¥¤¥×¤Î¥í¥°µÏ¿¤Ï¡¢ÆÃ¼ì¤Ê¥½¥±¥Ã¥È¤Ç¤¢¤ë <tt>/dev/log</> ¤òÄÌ¤·¤Æ¥í¥°¥¨¥ó¥È¥ê¤òÁ÷¿®¤¹¤ë¤³¤È¤Ç¹Ô¤ï¤ì¤Þ¤¹¡£ ¤·¤«¤·¤³¤ì¤Ï jail ¤Î³°Éô¤Ë¤¢¤ê¤Þ¤¹¤«¤é¡¢BIND ¤«¤é¤Ï»È¤¨¤Þ¤»¤ó¡£ ¤Ç¤â¤¢¤ê¤¬¤¿¤¤¤³¤È¤Ë¡¢¤³¤ì¤ò²ò·è¤¹¤ëÊýË¡¤Ï¤¤¤¯¤Ä¤«Â¸ºß¤·¤Þ¤¹¡£  <sect2>ÍýÁÛÅª¤Ê²ò  ¤³¤Î¥¸¥ì¥ó¥Þ¤ËÂÐ¤¹¤ëÍýÁÛÅª¤Ê²ò·èË¡¤Ë¤Ï¡¢ OpenBSD ¤ÇÆ³Æþ¤µ¤ì¤¿ <tt/-a/ ¥¹¥¤¥Ã¥Á¤ò¥µ¥Ý¡¼¥È¤¹¤ë¡¢ Èæ³ÓÅª¿·¤·¤¤¥Ð¡¼¥¸¥ç¥ó¤Î <tt/syslogd/ ¤¬É¬Í×¤Ç¤¹¡£ <tt/syslogd(8)/ ¤Î man ¥Ú¡¼¥¸¤ò¥Á¥§¥Ã¥¯¤·¤Æ¡¢ ¼«Ê¬¤Î»È¤Ã¤Æ¤¤¤ë¤Î¤¬¤³¤ì¤«¤É¤¦¤«¸«¤Æ¤¯¤À¤µ¤¤¡£  ¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤ì¤Ð¡¢<tt/syslogd/ ¤òµ¯Æ°¤¹¤ëºÝ¤Î¥³¥Þ¥ó¥É¥é¥¤¥ó¤Ë ``<tt>-a /chroot/named/dev/log</>'' ¤òÄÉ²Ã¤¹¤ë¤À¤±¤Ç OK ¤Ç¤¹¡£ SysV-init ¤ò¤¹¤Ù¤Æ»È¤Ã¤Æ¤¤¤ë¥·¥¹¥Æ¥à (Linux ¥Ç¥£¥¹¥È¥ê¥Ó¥å¡¼¥·¥ç¥ó¤Î¤Û¤È¤ó¤É¤Ï¤½¤¦) ¤Ê¤é¡¢ µ¯Æ°¤ÏÄÌ¾ï <tt>/etc/rc.d/init.d/syslog</> ¥Õ¥¡¥¤¥ë¤Ç¤Ê¤µ¤ì¤Þ¤¹¡£ Îã¤¨¤Ð¡¢»ä¤Î Red Hat Linux ¥·¥¹¥Æ¥à¤Ç¤Ï¡¢»ä¤Ï <tscreen><verb> daemon syslogd -m 0 </verb></tscreen>  ¤Î¹Ô¤ò <tscreen><verb> daemon syslogd -m 0 -a /chroot/named/dev/log </verb></tscreen> ¤ÈÊÑ¹¹¤·¤Þ¤·¤¿¡£  Caldera OpenLinux ¥·¥¹¥Æ¥à¤Ç¤Ï <tt/ssd/ ¤È¤¤¤¦¥Ç¡¼¥â¥ó¥é¥ó¥Á¥ã¤ò»È¤Ã¤Æ¤ª¤ê¡¢ ¤³¤ì¤ÏÀßÄê¤ò <tt>/etc/sysconfig/daemons/syslog</> ¤«¤éÆÉ¤ß¤Þ¤¹¡£ ¤³¤ÎÃæ¤Î¥ª¥×¥·¥ç¥ó¹Ô¤ò°Ê²¼¤Î¤è¤¦¤Ë½¤Àµ¤¹¤ë¤À¤±¤Ç¤¹¡£ <tscreen><verb> OPTIONS_SYSLOGD="-m 0 -a /chroot/named/dev/log" </verb></tscreen>  Æ±ÍÍ¤Ë SuSE ¥·¥¹¥Æ¥à¤Ç¤Ï¡¢ ¤³¤Î¥¹¥¤¥Ã¥Á¤Ï <tt>/etc/rc.config</> ¥Õ¥¡¥¤¥ë¤ËÄÉ²Ã¤¹¤ë¤Î¤¬ÎÉ¤¤¤½¤¦¤Ç¤¹¡£ <tscreen><verb> SYSLOGD_PARAMS="" </verb></tscreen>  ¤È¤¤¤¦¹Ô¤ò <tscreen><verb> SYSLOGD_PARAMS="-a /chroot/named/dev/log" </verb></tscreen>  ¤È¤¹¤ì¤Ð OK ¤Ç¤¹¡£ ¡ÚÌõÃí: Debian ¤Ê¤é <tt>/etc/init.d/syslogd</> ¤Î <tscreen><verb> SYSLOGD="" </verb></tscreen> ¤È¤¤¤¦¹Ô¤ò <tscreen><verb> SYSLOGD="-a /chroot/named/dev/log" </verb></tscreen> ¤È¤·¤Þ¤¹¡£¡Û  ¤ª»È¤¤¤Î¥·¥¹¥Æ¥à¤Ç¤ÎÊÑ¹¹ÊýË¡¤¬¤ï¤«¤Ã¤¿¤é¡¢ <tt/syslogd/ ¤òºÆµ¯Æ°¤¹¤ë¤À¤±¤Ç¤¹¡£kill ¤·¤ÆºÆ¤Ó (ÄÉ²Ã¥Ñ¥é¥á¡¼¥¿¤È¤È¤â¤Ë) µ¯Æ°¤·¤Æ¤â¤¤¤¤¤Ç¤¹¤·¡¢ SysV-init ¥¹¥¯¥ê¥×¥È¤ò»È¤Ã¤Æ¼¡¤Î¤è¤¦¤Ë¤¹¤ë¤Î¤Ç¤âÎÉ¤¤¤Ç¤·¤ç¤¦¡£ <tscreen><verb> # /etc/rc.d/init.d/syslog stop # /etc/rc.d/init.d/syslog start </verb></tscreen>  ºÆµ¯Æ°¤Ç¤¤¿¤é¡¢<tt>/chroot/named/dev</> ¤Ë °Ê²¼¤Î¤è¤¦¤Ê <tt/log/ ¤È¤¤¤¦¡Ö¥Õ¥¡¥¤¥ë¡×¤¬¤Ç¤¤Æ¤¤¤ë¤Ï¤º¤Ç¤¹¡£ <verb>srw-rw-rw- 1 root root 0 Mar 13 20:58 log</verb>  <sect2>ÊÌ¤Î²ò  ¸Å¤¤ <tt/syslogd/ ¤ò»È¤Ã¤Æ¤¤¤ë¾ì¹ç¤Ï¡¢ ¥í¥°¤ò¼è¤ë¤Ë¤ÏÊÌ¤ÎÊýË¡¤ò¸«¤Ä¤±¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¡£ Îã¤¨¤Ð <tt/hoellogd/ ¤Î¤è¤¦¤Ê¡¢ ¡Ö¥×¥í¥¥·¡×¤È¤·¤ÆÆ°ºî¤¹¤ë¤è¤¦Àß·×¤µ¤ì¤Æ¤¤¤ë¥×¥í¥°¥é¥à¤âÂ¸ºß¤·¤Þ¤¹¡£ ¤³¤ì¤Ï chroot ¤µ¤ì¤¿ BIND ¤«¤é¥í¥°¥¨¥ó¥È¥ê¤ò¼õ¤±¼è¤ê¡¢ ¤½¤ì¤òÄÌ¾ï¤Î <tt>/dev/log</> ¥½¥±¥Ã¥È¤ËÅÏ¤·¤Þ¤¹¡£  ¤¢¤ë¤¤¤Ï¡¢BIND ¤òÀßÄê¤·¤Æ¡¢¥í¥°¤ò syslog ¤ËÁ÷¤ë¤Î¤Ç¤Ï¤Ê¤¯ ¥Õ¥¡¥¤¥ë¤Ë½ñ¤¤³¤à¤è¤¦¤Ë¤â¤Ç¤¤Þ¤¹¡£ ¤³¤ÎÊýË¡¤òÁª¤Ö¤Ê¤é¡¢BIND ¤ÎÊ¸½ñ¤Ë¤¢¤¿¤Ã¤Æ¾ÜºÙ¤òÄ´¤Ù¤Æ¤¯¤À¤µ¤¤¡£  <sect>BIND ¤Î¥³¥ó¥Ñ¥¤¥ë<label id="compiling"> ¡ÚÌõÃí: ¤³¤Î¾Ï¤ÎÆâÍÆ¤Ï¡¢ <tt/ndc/ ¤Î <tt/-c/, <tt/-p/, <tt/-n/ ¤È¤¤¤Ã¤¿¥ª¥×¥·¥ç¥ó¤ò»È¤¨¤Ð ²ò·è²ÄÇ½¤Ç¤Ï¤Ê¤¤¤«¤È»×¤¤¤Þ¤¹¡£ ¤³¤ì¤é¤Ï¤½¤ì¤¾¤ì¡¢ <tt/named/ ¤È¤ÎÄÌ¿®¤Ë»È¤¦¥½¥±¥Ã¥È¡¢ pid ¥Õ¥¡¥¤¥ë¡¢<tt/named/ ËÜÂÎ¡¢¤ò¥Ç¥Õ¥©¥ë¥È°Ê³°¤Ë¤¹¤ë¤â¤Î¤Ç¤¹ (<tt/-n/ ¤Ï undocumented ¤Ç¤¹¤¬)¡£ <tt/ndc/ ¤Î¼Â¹Ô»þ¤Ë <tt>-c /chroot/named/var/run/ndc</> <tt>-p /chroot/named/var/run/named.pid</> <tt>-n /chroot/named/usr/sbin/named</> ¤ò»ØÄê¤·¤Æ¤ä¤ì¤Ð¡¢ ¥Ç¥£¥¹¥È¥ê¥Ó¥å¡¼¥·¥ç¥ó¤ÇÇÛÉÛ¤µ¤ì¤Æ¤¤¤ë¥Ð¥¤¥Ê¥ê¤¬ ¤½¤Î¤Þ¤Þ»È¤¨¤ë¤«¤È»×¤¤¤Þ¤¹¡£¡Û  BIND ¤Î¥½¡¼¥¹¤Ï <url url="http://www.isc.org/bind.html"> ¤Ç¸«¤Ä¤«¤ë¤Ï¤º¤Ç¤¹¡£ É¬Í×¤Ê¤Î¤Ï <tt>bind-src.tar.gz</> ¥Ñ¥Ã¥±¡¼¥¸¤Ç¤¹¡£ ³Î¼Â¤ËºÇ¿·ÈÇ¤òÆþ¼ê¤¹¤ë¤³¤È!  <sect1>¥Ñ¥¹¤Î½¤Àµ  ¤³¤³¤Ç¤Á¤ç¤Ã¤È»öÂÖ¤ÏÊ£»¨¤Ë¤Ê¤ê¤Þ¤¹¡£ BIND ¥Ñ¥Ã¥±¡¼¥¸¤Î¸Ä¡¹¤ÎÉôÊ¬¤¬¡¢ Æ±¤¸¥Ç¥£¥ì¥¯¥È¥ê¤ò (jail ÆâÉô¤Ç¼Â¹Ô¤·¤Æ¤¤¤ë¤«¤É¤¦¤«¤Ë¤è¤Ã¤Æ) ÊÌ¡¹¤ÎÌ¾Á°¤Ç»²¾È¤¹¤ë¤«¤é¤Ç¤¹¡£ ¤¬¡¢¤Ç¤¤ë¤À¤±ÆÉ¼Ô¤òº®Íð¤µ¤»¤Ê¤¤¤è¤¦´èÄ¥¤ê¤Þ¤¹ :-)  ÆÃ¤Ëµ¤¤ò¤Ä¤±¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¥Ç¥£¥ì¥¯¥È¥ê¤¬ <tt>/var/run</> ¤Ç¤¹¡£ ¤³¤³¤ÎÃæ¿È¤¬¡¢¥á¥¤¥ó¤Î <tt/named/ ¥Ç¡¼¥â¥ó (jail ÆâÉô) ¤È <tt/ndc/ ¥æ¡¼¥Æ¥£¥ê¥Æ¥£ (jail ³°Éô) ¤ÎÎ¾Êý¤ÇÉ¬Í×¤È¤Ê¤ë¤«¤é¤Ç¤¹¡£ ¤Þ¤º¤³¤Î¥Ç¥£¥ì¥¯¥È¥ê¤¬¡¢³°ÉôÀ¤³¦¤«¤é¸«¤Ä¤«¤ë¤è¤¦¤ËÁ´ÂÎ¤òÀßÄê¤·¤Þ¤·¤ç¤¦¡£ ¤³¤ì¤ò¹Ô¤¦¤Ë¤Ï <tt>src/port/linux/Makefile.set</> (Linux °Ê³°¤ò»È¤Ã¤Æ¤¤¤ë¿Í¤ÏÊÌ¤Î¥Ç¥£¥ì¥¯¥È¥ê¤Ç¤¹) ¤Î <tscreen><verb> DESTRUN=/var/run </verb></tscreen>  ¤È¤¤¤¦¹Ô¤ò <tscreen><verb> DESTRUN=/chroot/named/var/run </verb></tscreen>  ¤Ë½¤Àµ¤·¤Þ¤¹¡£¥¤¥ó¥¹¥È¡¼¥ëÀè¤Î¥Ñ¥¹¤ò <tt>/usr</> ¤«¤é <tt>/usr/local</> ¤ØÊÑ¹¹¤·¤¿¤¤¿Í¤Ï¡¢ ¤³¤³¤Ç¤½¤¦¤·¤Æ¤¯¤À¤µ¤¤¡£  ¤³¤ì¤Ç¡¢¤¹¤Ù¤Æ¤Î¤â¤Î¤«¤é¥Ç¥£¥ì¥¯¥È¥ê¤¬¸«¤Ä¤«¤ë¤è¤¦¤Ë¤Ê¤Ã¤¿¤Ï¤º¤Ç¤¹¡£ ¤¿¤À¤·¡¢<tt/named/ ¥Ç¡¼¥â¥ó¤ò½ü¤¤¤Æ¤Ï¡£ ¤³¤ì¤Ï jail ÆâÉô¤Î <tt>/var/run</> ¤ò¸«¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¤Î¤Ç¤¹¡£ ¤³¤ÎÌäÂê¤òÈò¤±¤ë¤Ë¤Ï¡¢<tt/named/ ¤Î¥½¡¼¥¹¤Ë¾¯¡¹ÊÑ¹¹¤¬É¬Í×¤Ç¤¹¡£ <tt>src/bin/named/named.h</> ¥Õ¥¡¥¤¥ëÃæ¤Î¼¡¤Î¹Ô¤ò¸«¤Ä¤±¤Æ¤¯¤À¤µ¤¤¡£ <tscreen><verb> #include "pathnames.h" </verb></tscreen>  ¤³¤ÎÄ¾¸å¤Ë <tscreen><verb> #define _PATH_NDCSOCK "/var/run/ndc" </verb></tscreen> ¤òÄÉ²Ã¤·¤Þ¤¹¡£  ¤³¤¦¤¹¤ì¤Ð <tt/named/ ¤ÏÀè¤Ë <tt/Makefile.set/ ¤ÇÄêµÁ¤·¤¿ <tt/DESTRUN/ ¤òÌµ»ë¤·¡¢ (chroot jail ¤«¤é¸«¤Æ) Àµ¤·¤¤¾ì½ê¤ò»²¾È¤·¤Æ¤¯¤ì¤Þ¤¹¡£ ¥Ó¥ë¥É¤ÎºÇÃæ¤Ë _PATH_NDCSOCK ¤¬ºÆÄêµÁ¤µ¤ì¤Æ¤¤¤ë¤È¤¤¤¦ warning ¤¬½Ð¤Þ¤¹¤¬¡¢Ìµ»ë¤·¤Æ¹½¤¤¤Þ¤»¤ó¡£  <sect1>¥Ó¥ë¥É¤¹¤ë  ¤Ç¤Ï BIND ¤ò¥³¥ó¥Ñ¥¤¥ë¤·¤Þ¤·¤ç¤¦¡£ ¥³¥ó¥Ñ¥¤¥ë¤Ï <tt/INSTALL/ ¥Õ¥¡¥¤¥ë¤Ë½¾¤Ã¤ÆÉáÄÌ¤Ë¤Ç¤¤Þ¤¹¡£ ¤³¤ÎÃÊ³¬¤Ç¤Ï BIND ¤Î¥³¥ó¥Ñ¥¤¥ë¤À¤±¤ò¹Ô¤¤¡¢ ¥¤¥ó¥¹¥È¡¼¥ë¤Ï¤·¤Þ¤»¤ó¡£ <tt/INSTALL/ ¥Õ¥¡¥¤¥ë¤Î¤¢¤Þ¤êÀè¤Î¤Û¤¦¤Þ¤Ç¤Ï¹Ô¤«¤Ê¤¤¤è¤¦¤Ë¡£ ¼ÂºÝ¤Ë¤Ï <tt/make clean/, <tt/make depend/, <tt/make/ ¤À¤±¤ò¹Ô¤¨¤ÐÎÉ¤¤¤Ç¤¹¡£  <sect>¤Ç¤¤¿¤Æ¤Î BIND ¤Î¥¤¥ó¥¹¥È¡¼¥ë<label id="installing">  ´û¤Ë BIND ¤¬ (Îã¤¨¤Ð RPM ¤«¤é) ¥¤¥ó¥¹¥È¡¼¥ëºÑ¤ß¤Ê¤é¡¢ ¿·¤·¤¤ BIND ¤ò¥¤¥ó¥¹¥È¡¼¥ë¤¹¤ëÁ°¤Ë¡¢¤½¤ì¤é¤òºï½ü¤·¤Æ¤ª¤¤Þ¤·¤ç¤¦¡£ Red Hat ¤Î¥·¥¹¥Æ¥à¤Ê¤é¡¢ <tt/bind/ ¥Ñ¥Ã¥±¡¼¥¸¤È <tt/bind-utils/ ¥Ñ¥Ã¥±¡¼¥¸¤òºï½ü¤¹¤ì¤Ð¤¤¤¤¤Ç¤¹¡£ ¤â¤· <tt/bind-devel/ ¤ä <tt/caching-nameserver/ ¤¬¤¢¤Ã¤¿¤é¡¢ ¤½¤ì¤é¤âºï½ü¤·¤Æ¤ª¤¤Þ¤·¤ç¤¦¡£  init ¥¹¥¯¥ê¥×¥È (<tt>/etc/rc.d/init.d/named</>) ¤¬¤¢¤Ã¤¿¤é¡¢¥Ñ¥Ã¥±¡¼¥¸¤Îºï½üÁ°¤Ë¥³¥Ô¡¼¤òÊÝÂ¸¤·¤Æ¤ª¤¯¤È¤¤¤¤¤Ç¤·¤ç¤¦¡£ ¸å¤ÇÌò¤ËÎ©¤Á¤Þ¤¹¡£  <sect1>jail ³°Éô¤Ø¤Î¥Ä¡¼¥ë¤Î¥¤¥ó¥¹¥È¡¼¥ë  ¤³¤ì¤Ï´ÊÃ±¤ÊÊý¤Ç¤¹ :-) <tt/make install/ ¤ò¼Â¹Ô¤¹¤ì¤ÐÁ´Éô¤ä¤Ã¤Æ¤¯¤ì¤Þ¤¹¡£ chroot ¤Ç¤Ê¤¤¤Û¤¦¤Î BIND ¤ò´Ö°ã¤Ã¤Æ¼Â¹Ô¤·¤Ê¤¤¤è¤¦¤Ë¡¢ ¤¢¤È¤Ç <tt>chmod 000 /usr/local/sbin/named</> ¤ò¼Â¹Ô¤·¤Æ¤ª¤¯¤È¤¤¤¤¤«¤â¤·¤ì¤Þ¤»¤ó (Àè¤Ë»ä¤¬¤ª¤¹¤¹¤á¤·¤¿ <tt>/usr/local/sbin</> ¤òÁª¤Ð¤Ê¤«¤Ã¤¿¿Í¤Ï¡¢ ¤³¤³¤Ç¤Ï <tt>/usr/sbin/named</> ¤Ë¤Ê¤ê¤Þ¤¹)¡£ ¡ÚÌõÃí: ¥Ð¥¤¥Ê¥ê¤ÎºÆ¥Ó¥ë¥É¤ò¤·¤Ê¤±¤ì¤Ð¡¢¤³¤³¤Îºî¶È¤ÏÉÔÍ×¤Ç¤¹¤Í¡£¡Û  <sect1>¥Ð¥¤¥Ê¥ê  chroot jail ¤ÎÃæ¤ÇÀ¸³è¤¹¤ëÉ¬Í×¤¬¤¢¤ë¤Î¤Ï 2 ¤Ä¤Î¥×¥í¥°¥é¥à¤À¤±¤Ç¤¹¡£ ¥á¥¤¥ó¤Î <tt/named/ ¥Ç¡¼¥â¥ó¼«¿È¤È <tt/named-xfer/ ¤Ç¤¹¡£¸å¼Ô¤Ï¥¾¡¼¥óÅ¾Á÷¤ËÍÑ¤¤¤é¤ì¤Þ¤¹¡£ ¥½¡¼¥¹¥Ä¥ê¡¼¤«¤é¥³¥Ô¡¼¤¹¤ë¤À¤±¤Ç OK ¤Ç¤¹¡£ <tscreen><verb> # cp src/bin/named/named /chroot/named/bin # cp src/bin/named-xfer/named-xfer /chroot/named/bin </verb></tscreen> ¡ÚÌõÃí: <label id="trans_dir-structure"> ¥Ð¥¤¥Ê¥ê¤ÎºÆ¥Ó¥ë¥É¤ò¤·¤Ê¤±¤ì¤Ð¡¢ ¤³¤³¤Ç¤Ï¥Ñ¥Ã¥±¡¼¥¸¤Ë´Þ¤Þ¤ì¤ë <tt/named/, <tt/named-xfer/ ¤ò°ÜÆ°¤¹¤ì¤ÐÎÉ¤¤¤Ç¤¹¡£ Ìõ¼Ô¤È¤·¤Þ¤·¤Æ¤Ï¡¢ °ÜÆ°Àè¤Ë¤Ï¥Ç¥Õ¥©¥ë¥È¤òÈ¿±Ç¤µ¤»¤Æ <tt>/chroot/named/usr/sbin</> ¤ÎÊý¤ò¤ª¤¹¤¹¤á¤·¤¿¤¤¤Î¤Ç¤¹¤¬¡£¡Û  <sect1>init ¥¹¥¯¥ê¥×¥È¤òÊÔ½¸¤¹¤ë¡£  ¥Ç¥£¥¹¥È¥ê¥Ó¥å¡¼¥·¥ç¥ó¤Ë´Þ¤Þ¤ì¤Æ¤¤¤ë init ¥¹¥¯¥ê¥×¥È¤¬¤¢¤ì¤Ð¡¢ ¤½¤ì¤ò <tt>/chroot/named/bin/named</> ¤ò Å¬ÀÚ¤Ê¥¹¥¤¥Ã¥Á¤È¤È¤â¤Ëµ¯Æ°¤¹¤ë¤è¤¦ÊÑ¹¹¤¹¤ë¤Î¤¬ºÇ¤â´ÊÃ±¤Ç¤·¤ç¤¦¡£ ¥¹¥¤¥Ã¥Á¤Ï... <it/(¤³¤³¤Ç¥É¥é¥à¥í¡¼¥ë...)/ <itemize>  <item><tt/-u named/, ¤³¤ì¤Ï BIND ¤ò¥æ¡¼¥¶ <tt/root/ ¤Ç¤Ï¤Ê¤¯ <tt/named/ ¤Ç¼Â¹Ô¤·¤Þ¤¹¡£ <item><tt/-g named/, ¤³¤ì¤Ï BIND ¤ò¥°¥ë¡¼¥× <tt/root/ ¤ä <tt/wheel/ ¤Ç¤Ï¤Ê¤¯ <tt/named/ ¤Ç¼Â¹Ô¤·¤Þ¤¹¡£ <item><tt>-t /chroot/named</>, ¤³¤ì¤Ï¤Ë¤è¤ê BIND ¤Ï¼«Ê¬¼«¿È¤ò (Àè¤ËÍÑ°Õ¤·¤¿) jail ¤Ë chroot ¤·¤Þ¤¹¡£ </itemize>  °Ê²¼¤Î init ¥¹¥¯¥ê¥×¥È¤Ï¡¢Ãø¼Ô¤¬¼«Ê¬¤Î Red Hat 6.0 ¥·¥¹¥Æ¥à¤Ç»È¤Ã¤Æ¤¤¤ë¤â¤Î¤Ç¤¹¡£ ¤ª¤ï¤«¤ê¤Î¤È¤ª¤ê¡¢¤Û¤È¤ó¤É¤Ï Red Hat ¤Î¤â¤Î¤ÈÊÑ¤ï¤ê¤¢¤ê¤Þ¤»¤ó¡£ <tt/ndc restart/ ¥³¥Þ¥ó¥É¤â¾¯¡¹ÊÑ¹¹¤·¡¢ chroot ¤òÊÝ¤Ã¤¿¤Þ¤ÞÀµ¤·¤¯¥µ¡¼¥Ð¤òºÆµ¯Æ°¤¹¤ë¤è¤¦¤Ë¤·¤Æ¤¢¤ê¤Þ¤¹¡£ ¤³¤ì¤ò¤½¤Î¤Þ¤Þ¥³¥Ô¡¼¤·¤¿¤À¤±¤Ç¤Ï»È¤¨¤Ê¤¤¾ì¹ç¤Ç¤â¡¢ ¤ª»È¤¤¤Î init ¥¹¥¯¥ê¥×¥È¤ËÆ±¤¸ÊÑ¹¹¤Ï´ÊÃ±¤Ë¹Ô¤¨¤ë¤Ï¤º¤Ç¤¹¡£ <code> #!/bin/sh # # named This shell script takes care of starting and stopping # named (BIND DNS server). # # chkconfig: 345 55 45 # description: named (BIND) is a Domain Name Server (DNS) \ # that is used to resolve host names to IP addresses. # probe: true # Source function library. . /etc/rc.d/init.d/functions # Source networking configuration. . /etc/sysconfig/network # Check that networking is up. [ ${NETWORKING} = "no" ] && exit 0 [ -f /chroot/named/bin/named ] || exit 0 [ -f /chroot/named/etc/named.conf ] || exit 0 # See how we were called. case "$1" in start) # Start daemons. echo -n "Starting named: " daemon /chroot/named/bin/named -u named -g named -t /chroot/named echo touch /var/lock/subsys/named ;; stop) # Stop daemons. echo -n "Shutting down named: " killproc named rm -f /var/lock/subsys/named echo ;; status) /usr/local/sbin/ndc status exit $? ;; restart) /usr/local/sbin/ndc -n /chroot/named/bin/named "restart -u named -g named -t /chroot/named" exit $? ;; reload) /usr/local/sbin/ndc reload exit $? ;; probe) # named knows how to reload intelligently; we don't want linuxconf # to offer to restart every time /usr/local/sbin/ndc reload >/dev/null 2>&1 || echo start exit 0 ;; *) echo "Usage: named {start|stop|status|restart}" exit 1 esac exit 0 </code>  Caldera OpenLinux ¥·¥¹¥Æ¥à¤Ç¤Ï¡¢ ÀèÆ¬ÉÕ¶á¤ÇÄêµÁ¤µ¤ì¤Æ¤¤¤ëÊÑ¿ô¤ò½¤Àµ¤·¡¢°Ê²¼¤Î¤è¤¦¤Ë¤¹¤ì¤Ð OK ¤Ç¤¹¡£ <tscreen><verb> NAME=named DAEMON=/chroot/named/bin/$NAME OPTIONS="-t /chroot/named -u named -g named" </verb></tscreen> ¡ÚÌõÃí: Àè¤Ë½Ò¤Ù¤¿¤è¤¦¤Ë¡¢ <tt/ndc/ ¤Ë <tt/-c/, <tt/-p/, <tt/-n/ ¤Ê¤É¤Î¥ª¥×¥·¥ç¥ó¤òÍÑ¤¤¤ì¤Ð¡¢ ¥Ð¥¤¥Ê¥ê¤ÎºÆ¥³¥ó¥Ñ¥¤¥ë¤ÏÌõ¼Ô¤Î´Ä¶¤Ç¤ÏÉÔÍ×¤Ç¤·¤¿¡£ Ìõ¼Ô¤¬ Debian ¤Ç»È¤Ã¤Æ¤¤¤ë init ¥¹¥¯¥ê¥×¥È (<tt>/etc/init.d/bind</>) ¤ò°Ê²¼¤Ë¼¨¤·¤Þ¤¹¡£ <code> #!/bin/sh PATH=/sbin:/bin:/usr/sbin:/usr/bin test -x /chroot/named/usr/sbin/named || exit 0 case "$1" in start) echo -n "Starting domain name service: named" start-stop-daemon --start --quiet --exec /chroot/named/usr/sbin/named \ -- -u named -g named -t /chroot/named echo "." ;; stop) echo -n "Stopping domain name service: named" start-stop-daemon --stop --quiet \ --pidfile /chroot/named/var/run/named.pid \ --exec /chroot/named/usr/sbin/named echo "." ;; restart) /usr/sbin/ndc -c /chroot/named/var/run/ndc \ -n /chroot/named/usr/sbin/named \ -p /chroot/named/var/run/named.pid \ "restart -u named -g named -t /chroot/named" ;; reload) /usr/sbin/ndc -c /chroot/named/var/run/ndc \ -n /chroot/named/usr/sbin/named \ -p /chroot/named/var/run/named.pid \ reload ;; force-reload) $0 restart ;; *) echo "Usage: /etc/init.d/bind {start|stop|reload|restart|force-reload}" >&2 exit 1 ;; esac exit 0 </code> ¥Ð¥¤¥Ê¥ê¥Õ¥¡¥¤¥ë (<tt/named/ ¤È <tt/named-xfer/) ¤ÎÃÖ¾ì½ê¤Ï <ref id="trans_dir-structure" name="¥Ç¥£¥ì¥¯¥È¥ê¹½Â¤¤Ë´Ø¤¹¤ëÌõÃí"> ¤Î¤È¤³¤í¤Ç½ñ¤¤¤¿¤è¤¦¤Ë¡¢chroot jail Æâ¤Î <tt>/usr/sbin</> ¤Ë¤·¤Æ¤¤¤Þ¤¹¡£¡Û  <sect1>ÀßÄê¤òÊÑ¹¹¤¹¤ë  <tt/named.conf/ ¤Ë¤â¤¤¤¯¤Ä¤«ÄÉ²Ã¡¦½¤Àµ¤ò¹Ô¤¤¡¢ ¤¤¤í¤¤¤í¤Ê¥Ç¥£¥ì¥¯¥È¥ê¤¬Àµ¤·¤¯Æ°ºî¤¹¤ë¤è¤¦¤Ë¤¹¤ëÉ¬Í×¤¬¤¢¤ê¤Þ¤¹¡£ ÆÃ¤Ë¡¢°Ê²¼¤ò <tt/option/ ¥»¥¯¥·¥ç¥ó¤ËÄÉ²Ã (¤¢¤ë¤¤¤Ï¤¹¤Ç¤Ë¤¢¤ì¤Ð½¤Àµ) ¤·¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¡£ <tscreen><verb> directory "/etc/namedb"; pid-file "/var/run/named.pid"; named-xfer "/bin/named-xfer"; </verb></tscreen>  ¤³¤ì¤é¤Î¥Õ¥¡¥¤¥ë¤Ï <tt/named/ ¥Ç¡¼¥â¥ó¤¬ÆÉ¤à¤³¤È¤Ë¤Ê¤ë¤Î¤Ç¡¢ ¤â¤Á¤í¤ó¥Ñ¥¹¤Ï¤¹¤Ù¤Æ chroot jail ÆâÉô¤Ç¤ÎÁêÂÐ°ÌÃÖ¤Ë¤Ê¤ê¤Þ¤¹¡£ ¡ÚÌõÃí: <ref id="trans_named.conf" name="named.conf ¤Ë´Ø¤¹¤ëÌõÃí"> ¤Î¤È¤³¤í¤Ç½ñ¤¤Þ¤·¤¿¤¬¡¢ directory ¤Ï°ì»þ¥Õ¥¡¥¤¥ë¤ÎÃÖ¤¾ì½ê¤Ç¤¢¤ë¤ÈÆ±»þ¤Ë ¥¾¡¼¥ó¥Õ¥¡¥¤¥ë¤Î¥Ñ¥¹»ØÄê¤Î¥Ù¡¼¥¹¥Ç¥£¥ì¥¯¥È¥ê¤Ë¤Ê¤ë¤È¤³¤í¤Ç¤¹¡£ pid-file ¤Ï¥Ç¥Õ¥©¥ë¥È¤ÈÆ±¤¸¤Ê¤Î¤ÇÆÃ¤Ë»ØÄê¤ÎÉ¬Í×¤Ï¤Ê¤·¡¢ named-xfer ¤Ï <ref id="trans_dir-structure" name="¥Ç¥£¥ì¥¯¥È¥ê¹½Â¤¤Ë´Ø¤¹¤ëÌõÃí"> ¤Ç½ñ¤¤¤¿¤è¤¦¤Ë¡¢¥Ð¥¤¥Ê¥ê¤ò <tt>/chroot/named/usr/sbin</> ¤ËÃÖ¤±¤Ð»ØÄê¤·¤Ê¤¯¤ÆÎÉ¤¤¤Ï¤º¤Ç¤¹¡£¡Û  ²¿¿Í¤«¤Î¿Í¤Î¥ì¥Ý¡¼¥È¤Ë¤è¤ì¤Ð¡¢ °Ê²¼¤ÎÍ¾Ê¬¤Ê¥Ö¥í¥Ã¥¯¤ò <tt/named.conf/ ¤Ë½ñ¤«¤Ê¤¤¤È¡¢ <tt/ndc/ ¤¬Àµ¤·¤¯Æ°ºî¤·¤Ê¤¤¡¢¤È¤Î¤³¤È¤Ç¤¹¡£ <tscreen><verb> controls { unix "/var/run/ndc" perm 0600 owner 0 group 0; }; </verb></tscreen>  <sect>¥¸¡¦¥¨¥ó¥É  <sect1>BIND ¤Îµ¯Æ°  ¤³¤ì¤Ç¤¹¤Ù¤Æ¤ÎÀßÄê¤¬½ªÎ»¤·¤Þ¤·¤¿¡£¿·¤·¤¤¡¢ ¤è¤ê°ÂÁ´¤Ê BIND ¤ò¼Â¹Ô¤Ë°Ü¤»¤ë»þ¤¬Íè¤¿¤ï¤±¤Ç¤¹¡£ SysV ·Á¼°¤Î init ¥¹¥¯¥ê¥×¥È¤òÍÑ¤¤¤Æ¤¤¤ë¤Ê¤é¡¢ ¼¡¤Î¤è¤¦¤Ë¼Â¹Ô¤¹¤ë¤À¤±¤Ç¤¹¡£ <tscreen><verb> # /etc/rc.d/init.d/named start </verb></tscreen>  ¼Â¹ÔÁ°¤Ë¸Å¤¤¥Ð¡¼¥¸¥ç¥ó¤Î BIND ¤¬¼Â¹ÔÃæ¤À¤Ã¤¿¤é kill ¤¹¤ë¤Î¤òËº¤ì¤Ê¤¤¤è¤¦¤Ë¡£  ¥í¥°¤ò¸«¤ì¤Ð¡¢BIND ¤¬¥í¡¼¥É¤µ¤ì¤¿¤È¤¤Ë½é´ü²½¥á¥Ã¥»¡¼¥¸¤òµÏ¿¤·¤Æ¤¤¤ë¤Î¤¬ ¸«¤Ä¤«¤ë¤Ï¤º¤Ç¤¹ (¤â¤·¤Ê¤±¤ì¤Ð¡¢ <ref id="logging" name ="¥í¥°µÏ¿"> ¤Ç¤ÎÀßÄê¤ËÌäÂê¤¬¤¢¤ê¡¢ ½¤Àµ¤òÍ×¤·¤Þ¤¹)¡£ ¤³¤ì¤é¤Î¥á¥Ã¥»¡¼¥¸¤ÎÃæ¤Ç¡¢ BIND ¤Ï¤¦¤Þ¤¯ chroot ¤Ç¤¤¿¡¢ ¥æ¡¼¥¶/¥°¥ë¡¼¥× <tt/named/ ¤Çµ¯Æ°¤Ç¤¤¿¡¢ ¤¤¤¦¥á¥Ã¥»¡¼¥¸¤òÅÁ¤¨¤Æ¤¤¤ë¤Ï¤º¤Ç¤¹¡£ ¤â¤·¤½¤ì¤é¤¬¤Ê¤±¤ì¤Ð¡¢¤Ê¤Ë¤«ÌäÂê¤¬¤¢¤ê¤Þ¤¹¡£  <sect1>°Ê¾å!  ¤³¤ì¤Ç°Â¿´¤·¤ÆÌ²¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¤Í ;-)  <sect>ÉÕÏ¿ - ¸å¤Ë BIND ¤ò¥¢¥Ã¥×¥°¥ì¡¼¥É¤¹¤ë¤Ë¤Ï<label id="upgrading">  ¤µ¤Æ¡¢¤ä¤Ã¤È BIND 8.2.2_P7 ¤¬¤¦¤Þ¤¯ chroot ¤·¤Æ¡¢ Ë¾¤ß¤Î¤È¤ª¤ê¤Ë¥Á¥å¡¼¥ó¤Ç¤¤Þ¤·¤¿... ¤½¤¦¤·¤¿¤é¡¢¤³¤Î¥Ð¡¼¥¸¥ç¥ó¤Ë¡¢ ¥ê¥â¡¼¥È¤«¤é root ¤òÃ¥¤¨¤ë¥»¥¥å¥ê¥Æ¥£¥Û¡¼¥ë¤¬¸«¤Ä¤«¤Ã¤¿¡¢ ¤È¤ÎÊ¢Î©¤¿¤·¤¤±½¤¬Î®¤ì¤Æ¤¤Þ¤·¤¿¡£ ¤¹¤°¤Ë 8.2.3 ¤Ë¥¢¥Ã¥×¥°¥ì¡¼¥É¤·¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¡£ ¤³¤Î¿·¤·¤¤¥Ð¡¼¥¸¥ç¥ó¤Ç¤â¡¢ ¤³¤³¤Þ¤Ç½Ò¤Ù¤Æ¤¤¿Ä¹¤¤¼êÂ³¤Á´ÂÎ¤ò·«¤êÊÖ¤µ¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¤Î¤Ç¤·¤ç¤¦¤«?  ¤¤¤¤¤¨¡£¼ÂºÝ¤ËÉ¬Í×¤Ê¤Î¤Ï¡¢ <ref id="compiling" name="BIND ¤Î¥³¥ó¥Ñ¥¤¥ë"> ¤Î¥»¥¯¥·¥ç¥ó¤È¡¢ <ref id="compiling" name="BIND ¤Î¥¤¥ó¥¹¥È¡¼¥ë"> ¤Î¥»¥¯¥·¥ç¥ó¤ÎºÇ½é¤Î 2 ¤Ä¡¢ ¥Ð¥¤¥Ê¥ê¤ò jail ¤ÎÆâ³°¤Ë¤½¤ì¤¾¤ì¥¤¥ó¥¹¥È¡¼¥ë¤¹¤ëºî¶È¤À¤±¤Ç¤¹¡£  HOWTO ¤Î»Ä¤ê¤ÎÉôÊ¬¡¢jail ¤½¤ÎÂ¾¤òÀßÄê¤¹¤ë¤È¤³¤í¤Ï¡¢ BIND ¤Î¥Ð¡¼¥¸¥ç¥ó¤òÊÑ¹¹¤·¤Æ¤âÊÑ¤¨¤ëÉ¬Í×¤Ï¤¢¤ê¤Þ¤»¤ó¡£ ¿·¤·¤¤¥Ð¥¤¥Ê¥ê¤ò¸Å¤¤¥Ð¥¤¥Ê¥ê¤Î¾å¤Ë¾å½ñ¤¤¹¤ë¤À¤±¤Ç OK ¤Ç¤¹¡£ ¤¿¤À¤·¤½¤Î¸å BIND ¤ò kill ¤·¤ÆºÆµ¯Æ°¤¹¤ë¤³¤È¡£ ¤µ¤â¤Ê¤¤¤È´í¸±¤Ê¥Ð¡¼¥¸¥ç¥ó¤¬¤½¤Î¤Þ¤Þ¼Â¹Ô¤·Â³¤±¤Æ¤¤¤Þ¤¹¤«¤é!  <sect>ÉÕÏ¿ - ¼Õ¼<label id="thanks">  ¤³¤Î HOWTO ¤ÎºîÀ®¤Î½õ¤±¤È¤Ê¤Ã¤Æ¤¯¤À¤µ¤Ã¤¿¡¢ °Ê²¼¤ÎÊý¡¹¤Ë´¶¼Õ¤·¤Þ¤¹¡£ <itemize>  <item>Lonny Selinger <tt><lonny at abyss.za.org></> ¤Ï¡¢¤³¤Î HOWTO ¤ÎºÇ½é¤ÎÈÇ¤ò¡Ö¥Æ¥¹¥È¡×¤·¤Æ¤¯¤À¤µ¤ê¡¢ É¬Í×¤Ê¼êÂ³¤¤òÈô¤Ð¤·¤Æ¤¤¤Ê¤¤¤³¤È¤òÉ®¼Ô¤Ë³Î¿®¤µ¤»¤Æ¤¯¤ì¤Þ¤·¤¿¡£  <item>Chirik <tt><chirik at CastleFur.COM></>, Dwayne Litzenberger <tt><dlitz at dlitz.net></>, Phil Bambridge <tt><phil.b at cableinet.co.uk></>, Robert Cole <tt><rcole at metrum-datatape.com></>, Colin MacDonald <tt><colinm at telus.net></> ¤Û¤«¡¢ Â¿¤¯¤Î³§¤µ¤ó¤¬¤³¤ÎÊ¸½ñ¤Î´Ö°ã¤¤¡¢·çÍî¤ò»ØÅ¦¤·¤Æ¤¤¤¿¤À¤¡¢ ¤Þ¤¿¤³¤Î HOWOTO ¤ò¤è¤êÎÉ¤¯¤¹¤ë¤¿¤á¤ÎÍ±×¤Ê¥¢¥É¥Ð¥¤¥¹¤ò¤¯¤À¤µ¤¤¤Þ¤·¤¿¡£  <item>Erik Wallin <tt><erikw at sec.se></> ¤È Brian Cervenka <tt><brian at zerobelow.org></> ¤Ï¡¢jail ¤ò¤µ¤é¤Ë¶¯¸Ç¤Ë¤¹¤ë¤¿¤á¤Î¡¢ Í¥¤ì¤¿Äó°Æ¤òÁ÷¤Ã¤Æ¤¯¤ì¤Þ¤·¤¿¡£ </itemize>  ¤½¤·¤ÆºÇ¸å¤Ë¡¢ Chroot-BIND HOWTO ¤òÆüËÜ¸ì¤ËËÝÌõ¤·¤Æ¤¯¤ì¤¿ Nakano Takeo <tt><nakano at apm.seikei.ac.jp></> ¤Ë´¶¼Õ¤·¤Þ¤¹¡£¤³¤ÎËÝÌõ¤Ï <url url="http://www.linux.or.jp/JF/JFdocs/Chroot-BIND-HOWTO.html"> ¤Ë¤¢¤ê¤Þ¤¹¡£  <sect>ÉÕÏ¿ - Ê¸½ñ¤ÎÇÛÉÛ¥Ý¥ê¥·¡¼<label id="legal"> Copyright © Scott Wunsch, 2000-2001. This document may be distributed only subject to the terms set forth in the LDP licence at <url url="http://metalab.unc.edu/LDP/COPYRIGHT.html">. This HOWTO is free documentation; you can redistribute it and/or modify it under the terms of the LDP licence. It is distributed in the hope that it will be useful, but <bf>without any warranty</>; without even the impled warranty of merchantability or fitness for a particular purpose. See the LDP licence for more details. ¡ÚÌõÃí: ¸¶Ê¸¤¬Í¥Àè¤µ¤ì¤Þ¤¹¤¬¡¢»²¾È¤Î¤¿¤á¤ËËÝÌõ¤ò¼¨¤·¤Þ¤¹¡£ Copyright © Scott Wunsch, 2000-2001. ¤³¤ÎÊ¸½ñ¤Ï <url url="http://metalab.unc.edu/LDP/COPYRIGHT.html"> ¤Ë¤¢¤ë LDP ¥é¥¤¥»¥ó¥¹¤Ë½¾¤¨¤ÐÇÛÉÛ¤Ç¤¤Þ¤¹¡£ ¤³¤Î HOWTO ¤Ï¥Õ¥ê¡¼Ê¸½ñ¤Ç¤¹¡£ LDP ¥é¥¤¥»¥ó¥¹¤Î²¼¤ÇºÆÇÛÉÛ¡¦²þÊÑ¤¬²ÄÇ½¤Ç¤¹¡£ ¤³¤ÎÊ¸½ñ¤ÏÍ±×¤Ç¤¢¤é¤ó¤³¤È¤ò´ê¤Ã¤ÆÇÛÉÛ¤µ¤ì¤Æ¤¤¤Þ¤¹¤¬¡¢ <bf>ÊÝ¾Ú¤Ï°ìÀÚ¤¢¤ê¤Þ¤»¤ó</>¡£ °ÅÌÛ¤Î¤â¤Î¤â´Þ¤á¡¢¾¦ÍÑ¤ËÌòÎ©¤ÄÊÝ¾Ú¤â¤¢¤ê¤Þ¤»¤ó¤·¡¢ ÆÃÄê¤ÎÍÑÅÓ¤Ë¹çÃ×¤¹¤ë¤«¤É¤¦¤«¤â¤ï¤«¤ê¤Þ¤»¤ó¡£ ¾ÜºÙ¤Ï LDP ¥é¥¤¥»¥ó¥¹¤ò¸«¤Æ¤¯¤À¤µ¤¤¡£ ¤Ê¤ªËÝÌõÈÇ¤â LDP ¥é¥¤¥»¥ó¥¹¤Î²¼¤ÇºÆÇÛÉÛ¡¦²þÊÑ²ÄÇ½¤È¤·¤Þ¤¹¡£ Copyright © NAKANO Takeo, 2001.¡Û </article>