  Chroot-BIND8 HOWTO
  Scott Wunsch, scott at wunsch.org
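  v1.4, 1 July 2001
  Japanese translation: Nakano Takeo, nakano at apm.seikei.ac.jp
  v1.4j1, 3 January 2002

  This document describes how to install the BIND 8 nameserver so that
  it runs inside a "chroot jail" and as a non-root user. Doing so
  improves security and minimises the impact if that security is
  breached. This document covers the old (but still widely used) BIND
  8. A separate document provides the same information for BIND 9.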
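  ______________________________________________________________________

  Table of Contents

  1. Introduction
     1.1 What?
     1.2 Why?
     1.3 Where?
     1.4 How?
     1.5 Disclaimer

  2. Preparing the Jail
     2.1 Creating a User
     2.2 Directory Structure
     2.3 Placing the BIND Data
     2.4 System Support Files
     2.5 Logging
        2.5.1 The Ideal Solution
        2.5.2 The Other Solutions

  3. Compiling BIND
     3.1 Modifying the Paths
     3.2 Doing the Build

  4. Installing Your Freshly Built BIND
     4.1 Installing the Tools Outside the Jail
     4.2 Installing the Binaries in the Jail
     4.3 Editing the Init Script
     4.4 Configuration Changes

  5. The End
     5.1 Launching BIND
     5.2 That's It!

  6. Appendix - Upgrading BIND Later
  7. Appendix - Acknowledgements
  8. Appendix - Distribution Policy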

  ______________________________________________________________________

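  1.  Introduction

  This is the Chroot-BIND8 HOWTO. See ``Where?'' for the master site,
  which holds the latest version. It is assumed that you already know
  how to configure and use BIND (the Berkeley Internet Name Domain). If
  you do not, you should read the DNS HOWTO first. It is also assumed
  that you are familiar with compiling and installing software on your
  UNIX-like system.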

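  1.1.  What?

  This document describes extra security precautions that you can take
  when you install BIND. It explains how to configure BIND so that it
  runs inside a ``chroot jail'', meaning that BIND cannot see any file
  outside its own confined directory tree. It also explains how to
  configure BIND to run as a non-root user.

  The idea behind chroot is very simple. When you run BIND (or any
  other process) inside a chroot jail, the process cannot see any part
  of the filesystem outside the jail. For example, in this document
  BIND runs chrooted to the /chroot/named directory. To BIND, the
  contents of this directory appear to be /. Nothing outside this
  directory is accessible to it. If you have ever logged into a public
  system with ftp, you have probably already encountered a chroot jail.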

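  1.2.  Why?

  Why is it a good idea to run BIND inside a chroot jail? Because even
  if a malicious individual gains access by exploiting a vulnerability
  in BIND, the scope of that access is kept to a minimum. BIND is run
  as a non-root user for the same reason.

  This should be regarded as a supplement to the usual security
  precautions (running the latest version, using access control, and
  so on), not as a replacement for them.

  If you are interested in DNS security, you may also want to look at
  a few other products. Building BIND with StackGuard
  <http://www.immunix.org/products.html#stackguard> would improve
  safety further. It is easy to use; it works just like ordinary gcc.
  DNScache <http://cr.yp.to/dnscache.html>, written by Dan Bernstein,
  is secure software that can be used in place of BIND. [Translator's
  note: it appears to have been renamed djbdns
  <http://cr.yp.to/djbdns.html>.] Dan is also the author of qmail.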

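  1.3.  Where?

  The latest version of this document is available from the web site
  of the Linux/Open Source Users of Regina, Sask., at
  <http://www.losurs.org/docs/howto/Chroot-BIND8.html>.

  There is now a Japanese translation of this document, maintained by
  Nakano Takeo, nakano at apm.seikei.ac.jp. It is available at
  <http://www.linux.or.jp/JF/JFdocs/Chroot-BIND8-HOWTO.html>.

  BIND is available from the Internet Software Consortium
  <http://www.isc.org/> at <http://www.isc.org/bind.html>. As of this
  writing, the latest version is 8.2.4. BIND 9 has been available for
  quite some time, and many people appear to be using it in
  production. Its chroot handling is also considerably simpler and
  better, so it may be time to consider upgrading. If you use BIND 9,
  consult the Chroot-BIND HOWTO, which should be available from the
  same place as this document.

  All versions of BIND 8 before 8.2.3 have known security holes. Make
  sure that you are running the latest version!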

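  1.4.  How?

  I wrote this document based on my own experience of setting up BIND
  in a chroot environment. In my case, BIND was already installed as a
  package that came with my Linux distribution. Most readers are
  probably in the same situation. This document therefore moves and
  modifies the configuration files of the existing BIND installation,
  removes the package, and then installs the new BIND. Do not remove
  the package just yet, though; a few files from it are still needed.

  If you do not have BIND installed yet, you can still follow this
  document. The only difference is that wherever it tells you to copy
  an existing file, you have to write that file from scratch. The DNS
  HOWTO should help with that.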

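  1.5.  Disclaimer

  These steps worked on my system. Your results may differ. This is
  only one approach, and there are other ways to arrive at the same
  setup (although the general approach will be the same). This simply
  happens to be the first way that worked when I tried it, so I wrote
  it down.

  My experience with BIND so far has been installing it on Linux
  servers. However, most of this document should be easily applicable
  to other kinds of UNIX as well. I try to point out the differences
  that I am aware of.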

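  2.  Preparing the Jail

  2.1.  Creating a User

  As mentioned in the Introduction, running BIND as root is not a good
  idea. So the first step is to create a separate user for BIND. You
  should never use an existing generic user such as nobody for this
  purpose. Some distributions, such as SuSE and Linux Mandrake, provide
  a dedicated user for this (usually called named) out of the box; in
  that case you can use that user if you like.

  To add the user, add a line like the following to /etc/passwd:

       named:x:200:200:Nameserver:/chroot/named:/bin/false

  And add the following line to /etc/group:

       named:x:200:

  This creates a user and a group called named for BIND. Make sure that
  the UID and GID (both 200 in this example) do not collide with any
  others on your system. The shell is set to /bin/false because this
  user never needs to log in.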

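  2.2.  Directory Structure

  Next, set up the directory structure that will be used for the
  chroot jail. This is where BIND will live. It can be anywhere on the
  filesystem. The particularly paranoid may want to put it on a
  separate volume (partition). This document uses /chroot/named. Start
  by creating the following directory structure.

       /chroot
         +-- named
              +-- bin
              +-- dev
              +-- etc
              |    +-- namedb
              +-- lib
              +-- var
                   +-- run

  [Translator's note: Debian users who do not recompile the binaries
  (see below) should use /chroot/named/etc/bind instead of
  /chroot/named/etc/namedb.]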

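  2.3.  Placing the BIND Data

  If you already have a conventional BIND installation and are using
  it, you will have a named.conf file and zone files. These files must
  be moved (or, to be safe, copied) into the chroot jail so that BIND
  can see them. named.conf goes into /chroot/named/etc, and the zone
  files go into /chroot/named/etc/namedb. For example:

       # cp -p /etc/named.conf /chroot/named/etc/

       # cp -a /var/named/* /chroot/named/etc/namedb/

  [Translator's note: On Debian the location of named.conf is
  /chroot/named/etc/bind. The location of the zone files depends on
  what named.conf says, but it is normally the same directory as
  named.conf.]

  BIND will probably need write access to the namedb directory and to
  (some of) the files in it. For example, if your DNS server is a slave
  for a zone, BIND must be able to update that zone file. BIND can also
  dump statistics, and it writes them to this directory. For these
  reasons, the named user should own this directory and its contents.

       # chown -R named:named /chroot/named/etc/namedb

  [Translator's note: Specifically, the directory given in the
  "options" statement of named.conf is the directory that is written
  to. It is also the base directory for relative zone file paths.

  In the Debian convention, directory is /var/cache/named and each zone
  file is specified by its full path. In that case you would do
  something like the following:

       # mkdir -p /chroot/named/var/cache/namedb
       # chown -R named:named /chroot/named/var/cache/namedb
  ]

  BIND also needs write access to the /var/run directory, because it
  creates its pid file and the ndc socket there. The following command
  makes that possible.

       # chown named:named /chroot/named/var/run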

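  2.4.  System Support Files

  Once BIND is running inside the chroot jail, it cannot access any
  file outside the jail. However, it still needs access to a few
  important files, such as the system's C library. Exactly which
  libraries are needed depends on your UNIX flavour. On a recent Linux
  system, the following commands should put the necessary files in the
  right place.

       # cd /chroot/named/lib
       # cp -p /lib/libc-2.*.so .
       # ln -s libc-2.*.so libc.so.6
       # cp -p /lib/ld-2.*.so .
       # ln -s ld-2.*.so ld-linux.so.2

  Alternatively, you can build statically linked BIND binaries and put
  those in the chroot jail. You should also copy ldconfig into the jail
  and run it to create an etc/ld.so.cache for the jail. Run the
  following commands:

       # cp /sbin/ldconfig /chroot/named/bin/
       # chroot /chroot/named /bin/ldconfig -v

  BIND needs one more system file inside the jail: /dev/null. Again,
  the command needed to create this device node differs from system to
  system. Check your /dev/MAKEDEV script to be sure. Some systems also
  need /dev/zero. On most Linux systems the following command works.

       # mknod /chroot/named/dev/null c 1 3

  [Translator's note: I think the following is also necessary:

       # chmod go+w /chroot/named/dev/null
  ]

  Finally, a couple more files are needed in the /etc directory of the
  jail. In particular, /etc/localtime (on some systems this is
  /usr/lib/zoneinfo/localtime) is required so that BIND records log
  entries with the correct time. You also need to create a simple group
  file that contains the named group. The following commands take care
  of both.

       # cp /etc/localtime /chroot/named/etc/

       # echo 'named:x:200:' > /chroot/named/etc/group

  Pay attention to the GID (200 in this example). It must be the same
  as the one defined earlier in the real /etc/group.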

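  2.5.  Logging

  Unlike a real jailbird, BIND cannot write its log entries on the
  walls :-). Normally BIND logs through syslogd, the system logging
  daemon. This kind of logging is done by sending log entries to the
  special socket /dev/log. Since that socket is outside the jail, BIND
  can no longer use it. Fortunately, there are ways around this.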

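  2.5.1.  The Ideal Solution

  The ideal solution to this dilemma requires a reasonably recent
  version of syslogd that supports the -a switch introduced by OpenBSD.
  Check the syslogd(8) man page to find out whether yours does.

  If it does, all you have to do is add ``-a /chroot/named/dev/log'' to
  the command line that launches syslogd. On systems that use a full
  SysV-init (which includes most Linux distributions), this is usually
  done in the /etc/rc.d/init.d/syslog file. For example, on my Red Hat
  Linux system, I changed the line

       daemon syslogd -m 0

  to

       daemon syslogd -m 0 -a /chroot/named/dev/log

  Caldera OpenLinux systems use a daemon launcher called ssd, which
  reads its configuration from /etc/sysconfig/daemons/syslog. Simply
  change the options line in that file to the following.

       OPTIONS_SYSLOGD="-m 0 -a /chroot/named/dev/log"

  Similarly, on SuSE systems I am told that the best place to add this
  switch is the /etc/rc.config file. Change the line

       SYSLOGD_PARAMS=""

  to

       SYSLOGD_PARAMS="-a /chroot/named/dev/log"

  and that should do it.

  [Translator's note: On Debian, in /etc/init.d/syslogd, change the
  line

       SYSLOGD=""

  to

       SYSLOGD="-a /chroot/named/dev/log"
  ]

  Once you have worked out how to make the change on your system,
  simply restart syslogd. You can kill it and launch it again (with the
  extra parameters), or use the SysV-init script as follows.

       # /etc/rc.d/init.d/syslog stop
       # /etc/rc.d/init.d/syslog start

  After the restart, you should see a ``file'' called log in
  /chroot/named/dev that looks like this:

       srw-rw-rw-   1 root     root            0 Mar 13 20:58 log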

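  2.5.2.  The Other Solutions

  If you are using an older syslogd, you have to find another way to do
  your logging. There are programs, such as holelogd, that are designed
  to act as a ``proxy''. They accept log entries from the chrooted BIND
  and pass them on to the regular /dev/log socket.

  Alternatively, you can configure BIND to write its logs to files
  instead of sending them to syslog. If you choose this route, see the
  BIND documentation for details.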

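  3.  Compiling BIND

  [Translator's note: I think this chapter is actually unnecessary if
  you use the -c, -p and -n options of ndc. These set, respectively,
  the socket used to communicate with named, the pid file, and the
  named binary itself to something other than the default (although -n
  is undocumented). If you run ndc with -c /chroot/named/var/run/ndc
  -p /chroot/named/var/run/named.pid -n /chroot/named/usr/sbin/named,
  you should be able to use the binaries shipped with your distribution
  as they are.]

  The BIND source is available at <http://www.isc.org/bind.html>. The
  package you need is bind-src.tar.gz. Make sure you get the latest
  version!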

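  3.1.  Modifying the Paths

  This is where things get a little complicated. Different parts of the
  BIND package have to refer to the same directory by different names,
  depending on whether or not they run inside the jail. I will try not
  to confuse you too much :-)

  The directory you have to worry about most is /var/run, because its
  contents are needed both by the main named daemon (inside the jail)
  and by the ndc utility (outside the jail). Start by setting
  everything up so that this directory is seen from outside the jail.
  To do so, edit src/port/linux/Makefile.set (the directory is
  different if you are not using Linux) and change the line

       DESTRUN=/var/run

  to

       DESTRUN=/chroot/named/var/run

  If you want to change the installation paths from /usr to
  /usr/local, do that here as well.

  Now everything can find this directory, except the named daemon
  itself, which has to look for it at /var/run inside the jail. Solving
  this requires a small change to the named source. In the file
  src/bin/named/named.h, find the following line.

       #include "pathnames.h"

  Immediately after it, add

       #define _PATH_NDCSOCK    "/var/run/ndc"

  With this change, named ignores the DESTRUN defined in Makefile.set
  and uses the correct location (as seen from inside the chroot jail).
  You may get a warning during the build that _PATH_NDCSOCK is
  redefined, but you can ignore it.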

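  3.2.  Doing the Build

  Now compile BIND. You can compile it as usual by following the
  INSTALL file. At this stage, compile BIND but do not install it. Do
  not go all the way to the end of the INSTALL file. In practice, all
  you need to run is make clean, make depend, and make.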

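  4.  Installing Your Freshly Built BIND

  If you already have BIND installed (from an RPM, for example), remove
  it before installing the new BIND. On a Red Hat system, this means
  removing the bind and bind-utils packages. If bind-devel and
  caching-nameserver are present, remove those as well.

  If there is an init script (/etc/rc.d/init.d/named), save a copy of
  it before removing the packages. It will be useful later.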

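  4.1.  Installing the Tools Outside the Jail

  This is the easy part :-) Run make install and it takes care of
  everything. Afterwards you may want to run chmod 000
  /usr/local/sbin/named so that you do not accidentally run the
  non-chrooted BIND. (If you did not choose /usr/local/sbin as I
  suggested, this will be /usr/sbin/named.)

  [Translator's note: If you do not rebuild the binaries, this step is
  unnecessary.]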

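  4.2.  Installing the Binaries in the Jail

  Only two programs have to live inside the chroot jail: the main named
  daemon itself, and named-xfer, which is used for zone transfers. You
  can simply copy them from the source tree.

       # cp src/bin/named/named /chroot/named/bin

       # cp src/bin/named-xfer/named-xfer /chroot/named/bin

  [Translator's note: If you do not rebuild the binaries, move the
  named and named-xfer that came with the package here instead. As the
  destination, the translator recommends /chroot/named/usr/sbin, which
  mirrors the default location.]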

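  4.3.  Editing the Init Script

  If you have the init script that came with your distribution, the
  simplest approach is to change it so that it launches
  /chroot/named/bin/named with the appropriate switches. The switches
  are... (drumroll, please...)

  o  -u named, which runs BIND as the user named rather than root.

  o  -g named, which runs BIND as the group named rather than root or
     wheel.

  o  -t /chroot/named, which makes BIND chroot itself into the jail
     prepared above.

  The following init script is the one I use on my Red Hat 6.0 system.
  As you can see, it is almost the same as the one shipped by Red Hat.
  I have also changed the ndc restart command slightly so that it
  restarts the server correctly while keeping it chrooted. Even if you
  cannot use this script as it is, you should be able to make the same
  changes to your own init script easily.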

  ______________________________________________________________________
  #!/bin/sh
  #
  # named           This shell script takes care of starting and stopping
  #                 named (BIND DNS server).
  #
  # chkconfig: 345 55 45
  # description: named (BIND) is a Domain Name Server (DNS) \
  # that is used to resolve host names to IP addresses.
  # probe: true

  # Source function library.
  . /etc/rc.d/init.d/functions

  # Source networking configuration.
  . /etc/sysconfig/network

  # Check that networking is up.
  [ "${NETWORKING}" = "no" ] && exit 0

  [ -f /chroot/named/bin/named ] || exit 0

  [ -f /chroot/named/etc/named.conf ] || exit 0

  # See how we were called.
  case "$1" in
    start)
          # Start daemons.
          echo -n "Starting named: "
          daemon /chroot/named/bin/named -u named -g named -t /chroot/named
          echo
          touch /var/lock/subsys/named
          ;;
    stop)
          # Stop daemons.
          echo -n "Shutting down named: "
          killproc named
          rm -f /var/lock/subsys/named
          echo
          ;;
    status)
          /usr/local/sbin/ndc status
          exit $?
          ;;
    restart)
          /usr/local/sbin/ndc -n /chroot/named/bin/named "restart -u named -g named -t /chroot/named"
          exit $?
          ;;
    reload)
          /usr/local/sbin/ndc reload
          exit $?
          ;;
    probe)
          # named knows how to reload intelligently; we don't want linuxconf
          # to offer to restart every time
          /usr/local/sbin/ndc reload >/dev/null 2>&1 || echo start
          exit 0
          ;;

    *)
          echo "Usage: named {start|stop|status|restart|reload|probe}"
          exit 1
  esac

  exit 0
  ______________________________________________________________________

  On Caldera OpenLinux systems, it is enough to change the variables
  defined near the top of the script to the following.

       NAME=named
       DAEMON=/chroot/named/bin/$NAME
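       OPTIONS="-t /chroot/named -u named -g named"

  [Translator's note: As mentioned earlier, if you use the -c, -p and
  -n options of ndc, recompiling the binaries is unnecessary in the
  translator's environment. The init script (/etc/init.d/bind) that the
  translator uses on Debian is shown below.]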

  ______________________________________________________________________
  #!/bin/sh

  PATH=/sbin:/bin:/usr/sbin:/usr/bin

  test -x /chroot/named/usr/sbin/named || exit 0

  case "$1" in
      start)
          echo -n "Starting domain name service: named"
          start-stop-daemon --start --quiet --exec /chroot/named/usr/sbin/named \
              -- -u named -g named -t /chroot/named
          echo "."
      ;;

      stop)
          echo -n "Stopping domain name service: named"
          start-stop-daemon --stop --quiet  \
              --pidfile /chroot/named/var/run/named.pid \
              --exec /chroot/named/usr/sbin/named
          echo "."
      ;;

      restart)
          /usr/sbin/ndc -c /chroot/named/var/run/ndc \
              -n /chroot/named/usr/sbin/named \
              -p /chroot/named/var/run/named.pid \
              "restart -u named -g named -t /chroot/named"
      ;;

      reload)
          /usr/sbin/ndc -c /chroot/named/var/run/ndc \
              -n /chroot/named/usr/sbin/named \
              -p /chroot/named/var/run/named.pid \
              reload
      ;;

      force-reload)
          $0 restart
      ;;

      *)
          echo "Usage: /etc/init.d/bind {start|stop|reload|restart|force-reload}" >&2
          exit 1
      ;;
  esac

  exit 0
  ______________________________________________________________________

  [Translator's note: As written in the translator's note on the
  directory structure, the binaries (named and named-xfer) are placed
  in /usr/sbin inside the chroot jail.]

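  4.4.  Configuration Changes

  You also have to add or change a few things in named.conf so that
  the various directories work correctly. In particular, the following
  must be added to the options section (or changed, if already
  present).

       directory "/etc/namedb";
       pid-file "/var/run/named.pid";
       named-xfer "/bin/named-xfer";

  Because this file is read by the named daemon, all of the paths are
  relative to the chroot jail.

  [Translator's note: As written in the translator's note on
  named.conf, directory is the place for temporary files and at the
  same time the base directory for zone file paths.

  pid-file is the same as the default, so there is no particular need
  to specify it. As written in the translator's note on the directory
  structure, named-xfer should not need to be specified either if the
  binaries are placed in /chroot/named/usr/sbin.]

  Several people have reported that ndc does not work properly unless
  the following extra block is added to named.conf.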

       controls {
           unix "/var/run/ndc" perm 0600 owner 0 group 0;
       };
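
  Before the first start, the jail built in sections 2 to 4 can be
  checked mechanically. The following is an added example, not part of
  the original HOWTO. The function name audit_jail and its finding
  labels are made up here, and it assumes that each named.conf
  directive sits on its own line with a double-quoted path, as in the
  listing above.

```shell
#!/bin/sh
# Added example, not from the HOWTO: audit a BIND 8 jail before first start.
# audit_jail ROOT [USER] [SYSTEM_GROUP_FILE] prints one finding per line.
audit_jail() {
    root=$1; user=${2:-named}; sysgroup=${3:-/etc/group}
    conf=$root/etc/named.conf

    # Skeleton from section 2.2, support files from sections 2.3 and 2.4.
    for d in bin dev etc lib var/run; do
        [ -d "$root/$d" ] || echo "MISSING-DIR $d"
    done
    for f in etc/named.conf etc/localtime etc/group; do
        [ -f "$root/$f" ] || echo "MISSING-FILE $f"
    done

    # dev/null has to be a real character device inside the jail.
    if [ -L "$root/dev/null" ] || [ ! -c "$root/dev/null" ]; then
        echo "BAD-DEVICE dev/null"
    fi

    # The jail's copy of the group entry must carry the real GID.
    jgid=$(awk -F: -v g="$user" '$1 == g { print $3 }' "$root/etc/group" 2>/dev/null || true)
    sgid=$(awk -F: -v g="$user" '$1 == g { print $3 }' "$sysgroup" 2>/dev/null || true)
    if [ -z "$jgid" ] || [ "$jgid" != "$sgid" ]; then
        echo "GID-MISMATCH $user"
    fi

    # Section 4.4: named reads named.conf after chroot(), so the paths in
    # these directives must exist relative to the jail root.
    for key in directory pid-file named-xfer; do
        p=$(sed -n "s/^[[:space:]]*${key}[[:space:]]*\"\([^\"]*\)\".*/\1/p" \
            "$conf" 2>/dev/null | head -n 1)
        [ -n "$p" ] || { echo "UNSET $key"; continue; }
        t=$root$p
        # The pid file only appears at startup, so check its directory.
        if [ "$key" = pid-file ]; then t=$(dirname "$t"); fi
        [ -e "$t" ] || echo "NOT-IN-JAIL $key $p"
        # named writes to the zone directory and the pid-file directory.
        if [ "$key" != named-xfer ] && [ -d "$t" ]; then
            owner=$(ls -ld "$t" | awk '{ print $3 }')
            rel=${t#"$root"}
            [ "$owner" = "$user" ] || echo "WRONG-OWNER $rel ($owner)"
        fi
    done
    return 0
}
```

  Called as audit_jail /chroot/named, it prints nothing when every
  check passes.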

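  5.  The End

  5.1.  Launching BIND

  All of the configuration is now done, and it is time to put the new
  BIND into action. If you are using a SysV-style init script, simply
  run it as follows.

       # /etc/rc.d/init.d/named start

  Do not forget to kill any old version of BIND that is still running
  before you do this.

  If you look at your logs, BIND should have recorded some messages as
  it loaded (if not, there is a problem with the setup from
  ``Logging'', so go back and fix it). Among those messages, BIND
  should report that it chrooted successfully and that it is running
  as the user and group named. If it does not, something is wrong.

  5.2.  That's It!

  Now you can sleep soundly ;-)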

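  6.  Appendix - Upgrading BIND Later

  So, you have BIND 8.2.2_P7 chrooted and tuned just the way you like
  it... and then you hear rumours that this version has a security hole
  that allows remote root access, and that you must upgrade to 8.2.3.
  Do you have to repeat the entire procedure described so far for the
  new version?

  No. All you actually need to repeat is the ``Compiling BIND''
  section and the first two steps of the ``Installing BIND'' section,
  where the binaries are installed outside and inside the jail.

  The rest of this HOWTO, where the jail itself is set up, does not
  have to be redone when the BIND version changes. Simply overwrite the
  old binaries with the new ones. Afterwards, kill BIND and restart it.
  Otherwise you will still be running the vulnerable version!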

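  7.  Appendix - Acknowledgements

  I would like to thank the following people for their help in
  creating this HOWTO.

  o  Lonny Selinger <lonny at abyss.za.org> ``tested'' the first
     version of this HOWTO and made sure that I had not skipped any of
     the necessary steps.

  o  Chirik <chirik at CastleFur.COM>, Dwayne Litzenberger <dlitz at
     dlitz.net>, Phil Bambridge <phil.b at cableinet.co.uk>, Robert Cole
     <rcole at metrum-datatape.com>, Colin MacDonald <colinm at
     telus.net> and others pointed out errors and omissions in this
     document and offered useful advice for making this HOWTO better.

  o  Erik Wallin <erikw at sec.se> and Brian Cervenka <brian at
     zerobelow.org> sent excellent suggestions for tightening the jail
     even further.

  And finally, thanks to Nakano Takeo <nakano at apm.seikei.ac.jp> for
  translating the Chroot-BIND HOWTO into Japanese. The translation is
  at <http://www.linux.or.jp/JF/JFdocs/Chroot-BIND-HOWTO.html>.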

  8.  Appendix - Distribution Policy

  Copyright (C) Scott Wunsch, 2000-2001.  This document may be
  distributed only subject to the terms set forth in the LDP licence at
  <http://metalab.unc.edu/LDP/COPYRIGHT.html>.

  This HOWTO is free documentation; you can redistribute it and/or
  modify it under the terms of the LDP licence.  It is distributed in
  the hope that it will be useful, but without any warranty; without
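  even the implied warranty of merchantability or fitness for a
  particular purpose.  See the LDP licence for more details.

  [Translator's note: The original text takes precedence, but it is
  translated here for reference.

  Copyright (C) Scott Wunsch, 2000-2001.  This document may be
  distributed subject to the LDP licence at
  <http://metalab.unc.edu/LDP/COPYRIGHT.html>.
  This HOWTO is free documentation. It may be redistributed and
  modified under the LDP licence. It is distributed in the hope that
  it will be useful, but there is no warranty of any kind. This
  includes implied warranties: there is no guarantee that it is
  commercially useful, nor that it fits any particular purpose. See
  the LDP licence for details.

  The translation may also be redistributed and modified under the LDP
  licence. Copyright (C) NAKANO Takeo, 2001.]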

