Sophie: howto-text-ja-9.0-1mdk noarch

howto-text-ja-9.0-1mdk.noarch.rpm

  Chroot-BIND HOWTO
  Scott Wunsch, scott at wunsch.org
  v1.5, 1 December 2001
  ìY nakano at apm.seikei.ac.jp
  v1.5j1, 3 January 2002

  ±Ì¶Í BIND 8 Ìl[T[oð "chroot jail" ÌàÅAñ root 
  [UÆµÄÀs³¹éæ¤ÈCXg[Ìâèûðà¾µÜ·B±êÉæÁ
  ÄZLeBª»³êAÜ½ZLeBªjçê½Æ«àe¿ðÅ¬À
  ÉÅ«Ü·BÈ¨A±Ì¶Í BIND 9 ü¯ÉXV³êÜµ½BÜ¾ BIND 8
  ðgÁÄ¢élÍAãíèÉ Chroot-BIND8 HOWTO ðÇñÅ¾³¢B
  ______________________________________________________________________

  Ú

  1. Í¶ßÉ
     1.1 What?
     1.2 Why?
     1.3 Where?
     1.4 How?
     1.5 ¨±Æíè

  2. jail ÌpÓ
     2.1 [UÌì¬
     2.2 fBNg\¢
     2.3 BIND Ìf[^ðzu·é
     2.4 VXeÌT|[gt@C
     2.5 OL^
        2.5.1 zIÈð
        2.5.2 ÊÌð
     2.6 p[~bVðµµ·é

  3. sJsJÌ BIND ðVKÉRpCECXg[·é
     3.1 RpC·é

  4. BIND ðCXg[·é
     4.1 oCiðCXg[·é
     4.2 init XNvgðÒW·éB
     4.3 ÝèðÏX·é

  5. WEGh
     5.1 BIND ÌN®
     5.2 Èã!

  6. t^ - ãÉ BIND ðAbvO[h·éÉÍ
  7. t^ - Ó«
  8. t^ - ¶Ìzz|V[

  ______________________________________________________________________

  1.  Í¶ßÉ

  ±Ì¶Í Chroot-BIND HOWTO Å·BÅVÅÌu©êÄ¢é}X^[TCg
  Í ``Where?''  ð©Ä¾³¢BÇÒÍ BIND (the Berkeley Internet Name
  Domain) ÌÝèû@Epû@ðùÉmÁÄ¢éÆµÄbðißÜ·BmçÈ
  ¢lÍAÜ¸ DNS HOWTO ðÇÞÆÇ¢Åµå¤BÜ½¨g¢Ì UNIX nVX
  eÉ¨¯éRpCECXg[ÉÂ¢ÄÍAÇÒÍKnµÄ¢éàÌ
  ÆµÜ·B

  1.1.  What?

  ±Ì¶ÍABIND ÌCXg[Éæé±ÆÌÅ«éAtÁIÈZL
  eBÎôÉÂ¢Äà¾µÜ·BÜ¸ABIND ð ``chroot jail'' ÌàÅ®ì
  ³¹éæ¤Ýè·éû@ÉÂ¢Äà¾µÜ·B·Èí¿ABIND ÍÂ¶ßç
  ê½¬³ÈfBNgc[ÌOÉ ét@Cð©é±ÆªÅ«ÈÈ
  éÌÅ·BÜ½ABIND ðñ root [UÅÀs³¹éæ¤ÈÝèàs¢Ü
  ·B

  chroot ÌwãÉ él¦ûÍAÆÄàPÅ·B BIND ( é¢Í¼ÌvZ
  X) ð chroot jail ÌàÅÀs·éÆA»ÌvZXÍt@CVXe
  Ì¤¿ jail Ìàµ©©é±ÆªÅ«ÈÈéÌÅ·Bá¦ÎA±Ì¶Å
  ÍABIND ð /chroot/named fBNgÉ chroot µ½óÔÅÀsµÜ·B
  BIND ÉÆÁÄÍA±ÌfBNgÌgª / Ìæ¤É©¦éÌÅ·B±Ì
  fBNgÌOÉÍêØANZXÅ«Ü¹ñBöJVXeÉ ftp Å
  OCµ½±ÆÌ élÍA¨»çùÉ±Ì chroot jail ÉoïÁ½±Æ
  ª éÆv¢Ü·B

  chroot ÌÍ BIND 9 ÅÍ¸ÁÆÈPÉÈÁ½ÌÅA±Ì¶ð¿åÁÆ
  ¸Âg£·é±ÆÉµÄA BIND ÌCXg[É¨¯éAàÁÆêÊIÈR
  cÈÇàÜßéæ¤ÉµÜµ½BÅàA±Ì¶Í BIND ðÀSÉ·é½ßÌ
  ®SÈéKChÅÍ èÜ¹ñ (µA»¤·éÂàèà èÜ¹ñ)B±Ì¶
  É©êÄ¢é±ÆðsÁ½¾¯ÅÍAÜ¾l[T[oðÀSÉÅ«½í
  ¯ÅÍÈ¢ÌÅ·æ!

  1.2.  Why?

  Èº BIND ð chroot jail ÌàÅ®ì³¹éÆÇ¢ÌÅµå¤©B»ê
  ÍA¼É«¢zª BIND ÌðgÁÄANZXð¾½ÆµÄàA»ÌANZX
  Å«éÍÍðÅ¬ÀÉ§ÀÅ«é©çÅ·B BIND ðñ root [U ÀÅ®
  ì³¹éÌà¯¶R©çÅ·B

  ±êÍÊí¾íêÄ¢éZLeBÎô (ÅVÅðg¤AANZX§Àð·
  éAÈÇ) ÌA¢íÎu¨Ü¯vÆÝÈ·×«ÅAà¿ëñ±êðãÖ·éà
  ÌÆl¦ÄÍ¢¯Ü¹ñB

  ÇÒª DNS ÌZLeBÉ»¡ð¨¿ÈçA¼Ì»ið²×ÄÝéÌà
  Ç¢©àµêÜ¹ñB BIND ð StackGuard
  <http://www.immunix.org/products.html#stackguard> Æ¤É\z·êÎA
  «ÁÆÀS«ðæèüã³¹ÄêéÅµå¤Bg¢ûÍÈPÅ·BÊÌ
  gcc Æ¯¶Å·BÜ½ Dan Bernstein Ì¢½ DNScache
  <http://cr.yp.to/dnscache.html> ÍABIND ÌãíèÉpÅ«éÀSÈ\
  tgEFAÅ·Byó: djbdns <http://cr.yp.to/djbdns.html> Éü¼µ
  ½æ¤Å·z Dan Í qmail ÌÒÅà èÜ·B

  1.3.  Where?

  ±Ì¶ÌÅVÅÍAíÉ Linux/Open Source Users of Regina, Sask. Ì
  web TCgæèüèÅ«Ü·B <http://www.losurs.org/docs/howto/Chroot-
  BIND.html> Å·B

  »ÝÍ±Ì¶Ìú{êÅà èAìY nakano at apm.seikei.ac.jp ª
  ÇµÄ¢Ü·B±êÍ <http://www.linux.or.jp/JF/JFdocs/Chroot-BIND-
  HOWTO.html> ©çüèÅ«Ü·B

  BIND Í the Internet Software Consortium <http://www.isc.org/> Ì
  <http://www.isc.org/bind.html> ©çüèÅ«Ü·B±Ì¶Ì·M_Å
  ÌÅVÅÍ 9.2.0 Å·B BIND 9 ªg¦éæ¤ÉÈÁÄ©ç¾¢Ô½¿AÀ
  ÛÌÆ±ÉgÁÄ¢élà½¢æ¤Å·Bµ©µAæèÛçIÈl½¿ÍAÜ
  ¾ BIND 8 ðg¤ûðDñÅ¢éæ¤Å·BàµÇÒªãÒÉ®·éÈçÎA
  chroot ÌÚ×ÉÂ¢ÄÍ Chroot-BIND8 HOWTO (¯¶êÉ èÜ·) Ìûð
  ÇñÅ¾³¢BÅàABIND 8 ÌÙ¤ª chroot ð·éÉÍ¸ÁÆÊ|Å 
  é±Æà¨YêÈB

  Ã¢o[WÌ BIND Ì½ÉÍAùmÌZLeBz[ª èÜ·B
  K¸ÅVÅðg¤æ¤ÉACðÂ¯Ä¾³¢!

  1.4.  How?

  Í±Ì¶ðA©ª©gÅ chroot Â«È BIND ðZbgAbvµ½o±É
  îÃ¢Ä«Üµ½BÌêÍAùÉ BIND ð (©ªÌ Linux fBXg
  r[VÌ) pbP[W`®ÅCXg[µÄ èÜµ½B¨»çÇ
  ÒÌÙÆñÇà¯¶Åµå¤BÅ·ÌÅA±±ÅÍùÉCXg[ÏÝÌ
  BIND ©çÝèt@CðÚ®µÄC³µApbP[WÍíµÄAVµ¢Ì
  ðCXg[·é±ÆÉµÜ·BÅàÜ¾pbP[WÍíµÈ¢Å¾³
  ¢ËBÜ¸»±©ç¢Â©t@CªKvÉÈèÜ·©çB

  Ü¾ BIND ðCXg[µÄ¢È¢lÅàA±Ì¶Ìû@ðp·é±Æ
  ÍÅ«Ü·Bá¢ÍAªù¶Ìt@CðRs[µÄéæ¤w¦µ½ª
  ÅA»Ìt@Cð[©ç«N±·Kvª éAÆ¢¤¾¯Å·B±ÌÛ
  ÉÍ DNS HOWTO ªðÉ§ÂÅµå¤B

  1.5.  ¨±Æíè

  ±êçÌLqÍÌVXeÅÍ®ìµÜµ½ªAÇÒÌÆ±ëÅÌÊÍÙ
  Èé©àµêÜ¹ñB±êÍ 1 ÂÌAv[`Éß¬¸A¯lÌÝèðs¤
  ÉÍ¢ë¢ëÈû@ªLè¾Ü· (êÊIÈAv[`Í¾¢½¢¯¶ÉÈé
  Åµå¤ª)B±êÍAªÝ½ÅÅÉ®ìµ½âèû¾Á½ÌÅA±
  ±É«Lµ½É·¬Ü¹ñB

  Ì»ÝÜÅÉé BIND Ìo±ÅÍA Linux T[oÉµ©CXg[ð
  sÁÄ¢Ü¹ñBµ©µA±Ì¶Ìà¾Ìå¼ÍA¼ÌíÞÌ UNIX Éàe
  ÕÉKpÅ«éÍ¸Å·BÌCt¢½á¢ÉÂ¢ÄÍAÅ«é¾¯Lq·é
  ÂàèÅ·BÜ½A¼ÌfBXgr[Vâ¼ÌvbgtH[ð
  gÁÄ¢él½¿©ç¢Â©wEðó¯Ä¢Ü·ÌÅA»êçàÅ«é¾¯
  Üßéæ¤ÉµÜµ½B

  Linux ðgÁÄ¢élÍA±êçð·OÉAgÁÄ¢éÌª 2.4 J[l
  Å é©Ç¤©mF·éKvª èÜ·B -u XCb` (ñ root [UÅ®
  ì³¹é) ÉÍA±ÌVµ¢J[lªKvÅ·B

  2.  jail ÌpÓ

  2.1.  [UÌì¬

  uÍ¶ßÉvÅq×½æ¤ÉA BIND ð root  ÀÅÀs·éÌÍ ÜèÇ¢
  l¦ÅÍ èÜ¹ñB]ÁÄAÜ¸ÅÉ BIND êpÌ[UðìèÜµå
  ¤B±ÌÚIÉAnobody Ìæ¤Èù¶ÌêÊü¯[UÍAµÄg¤×«
  ÅÍ èÜ¹ñBµ©µASuSE â Linux Mandrake ÈÇAÅ©ç±Ì½ß
  Ì[U (Ê named Æ¢¤¼O) ðpÓµÄ¢éfBXgr[V
  à éÌÅA»ÌêÍ¨]ÝÈç±Ì[Uðp¢Äà\¢Ü¹ñB

  ³ÄA[UðÇÁ·éÉÍAÌæ¤Èsð /etc/passwd ÉÁ¦Ü·B

       named:x:200:200:Nameserver:/chroot/named:/bin/false

  »µÄÌsð /etc/group ÉÁ¦Ü·B

       named:x:200:

  ±êÅ BIND pÌ named Æ¢¤[UÆO[vªÅ«Üµ½B UID Æ GID
  (±ÌáÅÍ¼ûÆà 200) ªA¨g¢ÌVXeÅ¼ÆdÈÁÄ¢È¢æ¤
  ÉÓµÜµå¤B±Ì[UÍOC·éKvªÈ¢ÌÅAVFÍ
  /bin/false ÉµÄ èÜ·B

  2.2.  fBNg\¢

  ÉAchroot jail Égp·éfBNg\¢ðìÁÄ °éKvª èÜ
  ·B±±ª BIND Ì¶ÌêÆÈéí¯Å·B±êÍt@CVXeÌÇ±
  Åà\¢Ü¹ñBñíÉ_o¿ÈlÍAÆ§µ½{[ (p[eBV
  ) Éu«½¢Æ³¦v¤©àµêÜ¹ñËB±±ÅÍ /chroot/named ðg
  ¢Ü·BÜ¸ÈºÌæ¤ÈfBNg\¢ðìÁÄ¾³¢B

       /chroot
         +-- named
              +-- dev
              +-- etc
              |    +-- namedb
              |         +-- slave
              +-- var
                   +-- run

  (Linux VXeÈÇÅ) GNU Ì mkdir ðgÁÄ¢élÍAÌæ¤É·êÎ
  ±ÌfBNg\¢ªìêÜ·B

       # mkdir -p /chroot/named
       # cd /chroot/named
       # mkdir -p dev etc/namedb/slave var/run

  2.3.  BIND Ìf[^ðzu·é

  ùÉÊíÌ©½¿Å BIND ªCXg[Å«Ä¢ÄA±êðpµÄ¢éÈ
  çA named.conf t@CÆ][t@Cª éÍ¸Å·B±êçÌt@C
  Í chroot jail ÌÉÚ® ( é¢ÍÀSÉâéÈçRs[) µÄA BIND
  ©ç©¦éæ¤ÉµÄâéKvª èÜ·B named.conf Í
  /chroot/named/etc ÖA][t@CÍ /chroot/named/etc/namedb ÖÚ®
  µÜ·Bá¦Î:

       # cp -p /etc/named.conf /chroot/named/etc/

       # cp -a /var/named/* /chroot/named/etc/namedb/

  BIND ÍÊí namedb fBNgÖÌ«±Ý ÀðKvÆµÜ·Bµ©µ
  ZLeBðµµ·é½ßÉA±êÍ³È¢±ÆÉµÜµå¤B¨g¢
  Ì DNS ª é][ðX[uÅT[rX·éêÍA BIND Í»Ì][
  t@CðXVÅ«È¯êÎÈèÜ¹ñB·Èí¿±êçÌt@CÉÍÊÌ
  fBNgÉÛ¶³¹éæ¤ÉµÄA»±É BIND ©çÌ«ÝANZX
  ð·©½¿ÉµÜ·B

       # chown -R named:named /chroot/named/etc/namedb/slave

  ±±ÅAX[u][ÍS±ÌfBNgÉÚ®·éÌðYêÈ¢±
  ÆBÜ½A»êÉ¶Ä named.conf ÌÏXàKvÉÈèÜ·B

  BIND Í /var/run fBNgÖà«±Ý ÀðKvÆµÜ·B pid t@
  CÆvîñð±±Éìé©çÅ·BÌR}hÅ±êðÂ\ÉµÄâè
  Üµå¤B

       # chown named:named /chroot/named/var/run

  2.4.  VXeÌT|[gt@C

  BIND ª chroot jail àÅÌÀsðnßéÆA jail OÌt@CÖÍê
  ØANZXÅ«ÈÈèÜ·Bµ©µA¢Â©ÌdvÈt@CÉÍÀsã
  àANZXÅ«È¯êÎÈèÜ¹ñB½¾µ BIND 8 Éä×éÆ¾¢ÔÈ¢
  Å·ªB

  BIND ª jail ÌàÉKvÆ·ét@CÌÐÆÂÉA¢ÂàÌ 
  êA/dev/null ª èÜ·B±±ÅA±ÌfoCXm[hðìé½ßÉKvÈ
  R}hÍVXeÉæÁÄÙÈé±Æª èÜ·B /dev/MAKEDEV XNv
  gð²×ÄmFµÄ¾³¢BVXeÉæÁÄÍ /dev/zero ªKvÈ±Æ
  à èÜ·B BIND 9.2.0 [X\èÅÅÍA /dev/random ªKv¾Æ¢
  ¤ñà èÜ·BÙÆñÇÌ Linux VXeÅÍAÈºÌR}hªg¦
  Ü·B

       # mknod /chroot/named/dev/null c 1 3
       # mknod /chroot/named/dev/random c 1 8
       # chmod 666 /chroot/named/dev/{null,random}

  FreeBSD 4.3 ÅÍÌæ¤ÉÈèÜ·B

       # mknod /chroot/named/dev/null c 2 2
       # mknod /chroot/named/dev/random c 2 3
       # chmod 666 /chroot/named/dev/{null,random}

  ¼Éà jail àÌ /etc fBNgÉKvÈt@Cª èÜ·B BIND
  É³µ¢ÅOL^ð³¹éÉÍA /etc/localtime (VXeÉæÁÄ
  Í /usr/lib/zoneinfo/localtime ©àµêÜ¹ñ) ð±±ÉRs[·éKv
  ª èÜ·BÈºÌR}hª±ÌÊ|ð©ÄêÜ·B

       # cp /etc/localtime /chroot/named/etc/

  2.5.  OL^

  {¨ÌúlÆÍÙÈèABIND ÍOL^ðÇÉ±ÆÍÅ«Ü¹ñ :-)B
  Êí BIND ÍOðAVXeÌMOf[Å é syslogd oRÅL
  ^µÜ·B±Ì^CvÌOL^ÍAÁêÈ\PbgÅ é /dev/log ðÊµ
  ÄOGgðM·é±ÆÅsíêÜ·Bµ©µ±êÍ jail ÌOÉ 
  èÜ·©çABIND ©çÍg¦Ü¹ñBÅà èª½¢±ÆÉA±êðð·
  éû@Í¢Â©¶ÝµÜ·B

  2.5.1.  zIÈð

  ±ÌW}ÉÎ·ézIÈð@ÉÍA OpenBSD Å±ü³ê½ -a X
  Cb`ðT|[g·éAärIVµ¢o[WÌ syslogd ªKvÅ·B
  syslogd(8) Ì man y[Wð`FbNµÄA©ªÌgÁÄ¢éÌª±ê©Ç¤
  ©©Ä¾³¢B

  T|[gµÄ¢êÎAsyslogd ðN®·éÛÌR}hCÉ ``-a
  /chroot/named/dev/log'' ðÇÁ·é¾¯Å OK Å·B SysV-init ð·×Ä
  gÁÄ¢éVXe (Linux fBXgr[VÌÙÆñÇÍ»¤) È
  çAN®ÍÊí /etc/rc.d/init.d/syslog t@CÅÈ³êÜ·Bá¦ÎA
  Ì Red Hat Linux VXeÅÍAÍ

       daemon syslogd -m 0

  Ìsð

       daemon syslogd -m 0 -a /chroot/named/dev/log

  ÆÏXµÜµ½B

  Ê¢±ÆÉ Red Hat 7.2 ÅÍA©½Æ±ë Red Hat Í±ÌðàÁÆÈ
  PÉµÄ¢Ü·B»ÝÍ /etc/sysconfig/syslog Æ¢¤t@Cª èA±
  ±ÉÍ syslogd É]ªÉ^¦ép[^ðè`Å«éÌÅ·B

  Caldera OpenLinux VXeÅÍ ssd Æ¢¤f[`ðgÁÄ¨
  èA±êÍÝèð /etc/sysconfig/daemons/syslog ©çÇÝÜ·B±ÌÌ
  IvVsðÈºÌæ¤ÉC³·é¾¯Å·B

       OPTIONS_SYSLOGD="-m 0 -a /chroot/named/dev/log"

  ¯lÉ SuSE VXeÅÍA±ÌXCb`Í /etc/rc.config t@CÉÇÁ
  ·éÌªÇ¢»¤Å·B

       SYSLOGD_PARAMS=""

  Æ¢¤sð

       SYSLOGD_PARAMS="-a /chroot/named/dev/log"

  Æ·êÎ OK Å·B

  »µÄÅãÉ (Æ¢ÁÄàdv«ÌÅÍÈ¢Å·æ) FreeBSD 4.3 ÅÍA
  rc.conf t@CðÒWµÄÌsðÇÁ·êÎæ¢»¤Å·B

       syslogd_flags="-s -l /chroot/named/dev/log"

  -s ÍZLeBãÌâè©ç^¦éàÌÅAftHgÌÝèÌêÅ
  ·B -l ÍAÊÌOm[hªu©êÄ¢é[JÈpX¼Å·B

  yó: Debian Èç /etc/init.d/syslogd Ì

       SYSLOGD=""

  Æ¢¤sð

       SYSLOGD="-a /chroot/named/dev/log"

  ÆµÜ·Bz

  ¨g¢ÌVXeÅÌÏXû@ªí©Á½çA syslogd ðÄN®·é¾¯Å
  ·Bkill µÄÄÑ (ÇÁp[^ÆÆàÉ) N®µÄà¢¢Å·µA
  SysV-init XNvgðgÁÄÌæ¤É·éÌÅàÇ¢Åµå¤B

       # /etc/rc.d/init.d/syslog stop
       # /etc/rc.d/init.d/syslog start

  ÄN®Å«½çA/chroot/named/dev ÉÈºÌæ¤È log Æ¢¤ut@C
  vªÅ«Ä¢éÍ¸Å·B

  srw-rw-rw-   1 root     root            0 Mar 13 20:58 log

  2.5.2.  ÊÌð

  Ã¢ syslogd ðgÁÄ¢éêÍAOðæéÉÍÊÌû@ð©Â¯È¯ê
  ÎÈèÜ¹ñBá¦Î hoellogd Ìæ¤ÈAuvLVvÆµÄ®ì·éæ¤
  Ýv³êÄ¢évOà¶ÝµÜ·B±êÍ chroot ³ê½ BIND ©ç
  OGgðó¯æèA»êðÊíÌ /dev/log \PbgÉnµÜ·B

   é¢ÍABIND ðÝèµÄAOð syslog ÉéÌÅÍÈt@CÉ
  «±Þæ¤ÉàÅ«Ü·B±Ìû@ðIÔÈçABIND Ì¶É ½ÁÄÚ×
  ð²×Ä¾³¢B

  2.6.  p[~bVðµµ·é

  Ü¸ÅÉA/chroot fBNgSÌÖÌANZXðAÎÁ³è root [
  UÌÝÉÀÁÄµÜ¢Üµå¤Bà¿ëñA±¤µ½¢lÎ©èÅÍÈ¢Å
  µå¤BÁÉ¼Ì\tgEFAð±Ìc[ÈºÉCXg[µÄ¢ÄA±
  ÌÏXª»Ì\tgÉÍKØÅÈ¢æ¤ÈêÉÍ»¤Å·ËB

       # chown root /chroot
       # chmod 700 /chroot

  ¯¶ /chroot/named ÖÌANZXÍA named [UÉÌÝÀÁÄµÜÁÄ
  åävÅ·B

       # chown named:named /chroot/named
       # chmod 700 /chroot/named

  àÁÆµµµ½¢êÍA Linux VXeÈç ext2 t@CVXeÉ
   ét@CâfBNgÌ®«ðA chattr Æ¢¤c[Å immutable
  (sÏ) É·é±ÆàÅ«Ü·B

       # cd /chroot/named
       # chattr +i etc etc/localtime var

  ¯lÉ FreeBSD 4.3 Å±êçð immutable Éµ½¢ÈçA chflags ð²×
  ÄÝÜµå¤Bá¦ÎÌæ¤É·êÎA/chroot/named/etc fBNgÈ
  ºÌ·×Äð immutable ÉÅ«Ü·B

       # chflags schg /chroot/named/etc/*(*).

  ±êçð dev fBNgÉà{¹êÎÇ¢ÌÅµå¤ªAcOÈªç±¤
  ·éÆ syslogd ª±±É dev/log \PbgðìêÈÈÁÄµÜ¢Ü·B
  jail ÌàÉ é¼Ìt@CÉ immutable rbgð§ÄÄàæ¢Åµå¤
  (á¦ÎvC}][t@CðÏX³ê½È¢êÈÇ)B

  3.  sJsJÌ BIND ðVKÉRpCECXg[·é

  3.1.  RpC·é

  chroot jail Åp¢é BIND 9 ÌRpCÍA BIND 8 ÌÆ«æèà¸ÁÆ
  õKÈìÆÆÈéÅµå¤BÀÌÆ±ëAµÈ¯êÎÈçÈ¢±ÆÍÁÉ½à
  ÈAWIÈ ./configure && make ¾¯ÅÇ¢ÌÅ·B

  ½¾µ IPv6 ðT|[gµ½ BIND ð Linux VXeÅìè½¢ê
  (--enable-ipv6) ÍAJ[lÆ glibc Ìo[Wðí¹È¯êÎÈè
  Ü¹ñBJ[l 2.2 Èç glibc 2.1 ªKvÅ·BJ[l 2.4 Èç
  glibc 2.2 ªKvÅ·B BIND Í±Ì_ÉÂ¢ÄÍñíÉ¤é³¢Å·B

  4.  BIND ðCXg[·é

  àµ·ÅÉ (á¦Î RPM ÈÇ©ç) CXg[³êÄ¢é BIND ª éê
  ÍAVµ¢ÌðCXg[·éOÉ»êðí·éKvª éÆv¢Ü
  ·B Red Hat VXeÅÍ bind Æ bind-util ÌpbP[WA»µÄ bind-
  devel Æ caching-nameserver ÈÇàA¶ÝµÄ¢½çí·éKvª éÅ
  µå¤B

  àµ init XNvg (·Èí¿ /etc/rc.d/init.d/named) ª Á½ê
  ÍApbP[WÌíÌOÉA±Ìt@CðRs[µÄÛ¶µÄ¨Ù¤ª
  ¢¢Åµå¤B«ÁÆ ÆÅðÉ§¿Ü·B

  BIND 8 Ìæ¤ÈAÃ¢o[WÌ BIND ©çAbvO[h·éêÍA
  BIND Ì\[XpbP[WÌ doc/misc/migration É éAÚsÌ½ßÌ¶
  ðÇñÅ¨Ù¤ª¢¢Åµå¤BÚsÉÖ·éàeÍA±Ì¶ÅÍµ¢Ü
  ¹ñBPÉ»Ý®ìµÄ¢é BIND 9 ÌCXg[ðu«·¦æ¤ÆµÄ¢
  éAÆ¢¤Ìª{¶ÅÌzèÎÛÅ·B

  4.1.  oCiðCXg[·é

  ±êÍÈPÅ· :-) make install ðÀsµÄA¨Ü©¹·é¾¯Å·B¢
  âA{É±ê¾¯ÈñÅ·æ!

  4.2.  init XNvgðÒW·éB

  fBXgr[VÉÜÜêÄ¢é init XNvgª êÎAVµ¢o
  CiðKØÈXCb`ÅN®·éæ¤ÉA»¢ÂðÏX·éÌªÅàÈPÅ
  µå¤BXCb`Í... (±±Åh[...)

  o  -u named, ±êÍ BIND ð[U root ÅÍÈ named ÅÀsµÜ·B

  o  -t /chroot/named, ±êÉæè BIND Í©ª©gð (æÉpÓµ½) jail
     É chroot µÜ·B

  o  -c /etc/named.conf, ±êÍ BIND ÉA jail ÌàÉ¨¯éÝèt@C
     Ì è©ð³¦Ü·B

  ÈºÌ init XNvgÍAÒª©ªÌ Red Hat 6.0 VXeÅgÁÄ¢
  éàÌÅ·B¨í©èÌÆ¨èAÙÆñÇÍ Red Hat ÌàÌÆÏíè èÜ
  ¹ñBí½µÍ rndc R}hÍÜ¾µÄ¢Ü¹ñªA±êª®©È¢R
  ÍÈ¢Í¸Å·B

  ______________________________________________________________________
  #!/bin/sh
  #
  # named           This shell script takes care of starting and stopping
  #                 named (BIND DNS server).
  #
  # chkconfig: 345 55 45
  # description: named (BIND) is a Domain Name Server (DNS) \
  # that is used to resolve host names to IP addresses.
  # probe: true

  # Source function library.
  . /etc/rc.d/init.d/functions

  # Source networking configuration.
  . /etc/sysconfig/network

  # Check that networking is up.
  [ ${NETWORKING} = "no" ] && exit 0

  [ -f /usr/local/sbin/named ] || exit 0

  [ -f /chroot/named/etc/named.conf ] || exit 0

  # See how we were called.
  case "$1" in
    start)
          # Start daemons.
          echo -n "Starting named: "
          daemon /usr/local/sbin/named -u named -t /chroot/named -c /etc/named.conf
          echo
          touch /var/lock/subsys/named
          ;;
    stop)
          # Stop daemons.
          echo -n "Shutting down named: "
          killproc named
          rm -f /var/lock/subsys/named
          echo
          ;;
    status)
          status named
          exit $?
          ;;
    restart)
          $0 stop
          $0 start
          exit $?
          ;;
    reload)
          /usr/local/sbin/rndc reload
          exit $?
          ;;
    probe)
          # named knows how to reload intelligently; we don't want linuxconf
          # to offer to restart every time
          /usr/local/sbin/rndc reload >/dev/null 2>&1 || echo start
          exit 0
          ;;

    *)
          echo "Usage: named {start|stop|status|restart|reload}"
          exit 1
  esac

  exit 0
  ______________________________________________________________________

  syslogd ÅÌêÆ¯¶A»ÝÌ Red Hat 7.2 ÅÍA±ÌßöÍ³çÉÈ
  PÉÈÁÄ¢Ü·B /etc/sysconfig/named Æ¢¤t@Cª èA±±Å
  named É^¦éÇÁp[^ðè`Å«Ü·B½¾µ Red Hat 7.2 ÅÌf
  tHgÌ /etc/rc.d/init.d/named ÅÍAN®OÉ /etc/named.conf ª 
  é©ð`FbNµÜ·B±ÌpXÍÏXµÈ¯êÎÈèÜ¹ñB

  Caldera OpenLinux VXeÅÍAæªtßÅè`³êÄ¢éÏðC³µA
  ÈºÌæ¤É·êÎ OK Å·B

       NAME=named
       DAEMON=/usr/local/sbin/$NAME
       OPTIONS="-t /chroot/named -u named -c /etc/named.conf"

  »µÄ FreeBSD 4.3 ÅÍArc.conf t@CðÒWµÄAÌsðÇÁµÜ
  ·B

       named_enable="YES"
       named_program="chroot/named/bin/named"
       named_flags="-u named -t /chroot/named -c /etc/namedb/named.conf"

  4.3.  ÝèðÏX·é

  named.conf Éà¢Â©ÇÁEC³ðs¢A¢ë¢ëÈfBNgª³µ
  ®ì·éæ¤É·éKvª èÜ·BÁÉAÈºð option ZNVÉÇ
  Á ( é¢Í·ÅÉ êÎC³) µÈ¯êÎÈèÜ¹ñB

       directory "/etc/namedb";
       pid-file "/var/run/named.pid";
       statistics-file "/var/run/named.stats";

  ±êçÌt@CÍ named f[ªÇÞ±ÆÉÈéÌÅAà¿ëñpXÍ
  ·×Ä chroot jail àÅÌÎÊuÉÈèÜ·B·MÌ_ÅÍABIND 9
  ÍOÌo[WÅT|[g³êÄ¢½vîñâ_vt@CÌ½ð¢
  ¾T|[gµÄ¢Ü¹ñB¨»ç¡ãÍT|[g³êÄ¢Æv¢Ü·BÇ
  ÒÌ¨g¢ÌàÌª±Ìæ¤Èo[WÅ éêÍA BIND ª»êçð
  /var/run fBNgÉ¯éæ¤ÉA¢Â©Ggð¯¶æ¤ÉÇÁ
  ·éKvª éÅµå¤B

  5.  WEGh

  5.1.  BIND ÌN®

  ±êÅ·×ÄÌÝèªI¹µÜµ½BVµ¢AæèÀSÈ BIND ðÀsÉÚ¹
  éª½í¯Å·B SysV `®Ì init XNvgðp¢Ä¢éÈçAÌ
  æ¤ÉÀs·é¾¯Å·B

  # /etc/rc.d/init.d/named start

  ÀsOÉÃ¢o[WÌ BIND ªÀs¾Á½ç kill ·éÌðYêÈ¢æ
  ¤ÉB

  5.2.  Èã!

  ±êÅÀSµÄ°é±ÆªÅ«Ü·Ë ;-)

  6.  t^ - ãÉ BIND ðAbvO[h·éÉÍ

  ³ÄAâÁÆ BIND 9.1.2 ª¤Ü chroot µÄA]ÝÌÆ¨èÉ`[Å
  «Üµ½...  »¤µ½çABIND 9.1.3 ª[X³êA¼¿É±¿çð½ß
  ·×«AÆÌ §½µ¢\ª¬êÄ«Üµ½B±ÌVµ¢o[WÅàA±
  ±ÜÅq×Ä«½·¢è±«SÌðJèÔ³È¯êÎÈçÈ¢ÌÅµå¤©?

  ¢¢¦BÀÛÉKvÈÌÍAVµ¢o[WÌ BIND ðRpCµÄAÃ
  ¢àÌÉã«CXg[·é¾¯Å·B½¾µ»ÌãÃ¢Åð kill µ
  ÄABIND ðÄN®·é±ÆB³àÈ¢ÆÃ¢o[Wª»ÌÜÜÀsµ±
  ¯Ä¢Ü·©ç!

  7.  t^ - Ó«

  ±Ì HOWTO Ìì¬Ì¯ÆÈÁÄ¾³Á½AÈºÌûXÉ´ÓµÜ·B

  o  Lonny Selinger <lonny at abyss.za.org> ÍA±Ì HOWTO ÌÅÌÅð
     ueXgvµÄ¾³èAKvÈè±«ðòÎµÄ¢È¢±ÆðMÒÉm
     M³¹ÄêÜµ½B

  o  Chirik <chirik at CastleFur.COM>, Dwayne Litzenberger <dlitz at
     dlitz.net>, Phil Bambridge <phil.b at cableinet.co.uk>, Robert Cole
     <rcole at metrum-datatape.com>, Colin MacDonald <colinm at
     telus.net> Ù©A½ÌF³ñª±Ì¶ÌÔá¢AðwEµÄ¢½
     ¾«AÜ½±Ì HOWOTO ðæèÇ·é½ßÌLvÈAhoCXð¾³
     ¢Üµ½B

  o  Erik Wallin <erikw at sec.se> Æ Brian Cervenka <brian at
     zerobelow.org> ÍAjail ð³çÉÅÉ·é½ßÌADê½ñÄðÁ
     ÄêÜµ½B

  o  Robert Dalton <support at accesswest.com> ÍAR}háðÇÁÄð
     ñÄµÄ¾³èAÜ½ BIND 9.2.0 ÅÍ /dev/random ªKvÆÈé±Æ
     ðwEµÄêÜµ½B

  o  Eric McCormick <hostmaster at cybertime.net> Í FreeBSD 4.3 Ìîñ
     ðÁÄêÜµ½B

  o  Tan Zheng Da <tzd at pobox.com> ÍAìÆðXyÉµÄêéA Red
     Hat 7.2 ÅÈ³ê½ÏXÌÚ×ð³¦ÄêÜµ½B

  »µÄÅãÉA Chroot-BIND HOWTO ðú{êÉ|óµÄê½ Nakano Takeo
  <nakano at apm.seikei.ac.jp> É´ÓµÜ·B±Ì|óÍ
  <http://www.linux.or.jp/JF/JFdocs/Chroot-BIND-HOWTO.html> É èÜ·B

  yó: |óÉ ½ÁÄÍAxcÏp³ñÆ´S³ñÉLvÈRgð¢
  ½¾«Üµ½Bz

  8.  t^ - ¶Ìzz|V[

  Copyright (C) Scott Wunsch, 2000-2001.  This document may be
  distributed only subject to the terms set forth in the LDP licence at
  <http://metalab.unc.edu/LDP/COPYRIGHT.html>.

  This HOWTO is free documentation; you can redistribute it and/or
  modify it under the terms of the LDP licence.  It is distributed in
  the hope that it will be useful, but without any warranty; without
  even the impled warranty of merchantability or fitness for a
  particular purpose.  See the LDP licence for more details.

  yó: ´¶ªDæ³êÜ·ªAQÆÌ½ßÉ|óð¦µÜ·B

  Copyright (C) Scott Wunsch, 2000-2001.  ±Ì¶Í
  <http://metalab.unc.edu/LDP/COPYRIGHT.html> É é LDP CZXÉ]
  ¦ÎzzÅ«Ü·B

  ±Ì HOWTO Ít[¶Å·B LDP CZXÌºÅÄzzEüÏªÂ\Å
  ·B±Ì¶ÍLvÅ çñ±ÆðèÁÄzz³êÄ¢Ü·ªAÛØÍêØ 
  èÜ¹ñBÃÙÌàÌàÜßA¤pÉð§ÂÛØà èÜ¹ñµAÁèÌpr
  Év·é©Ç¤©àí©èÜ¹ñBÚ×Í LDP CZXð©Ä¾³
  ¢B

  È¨|óÅà LDP CZXÌºÅÄzzEüÏÂ\ÆµÜ·B Copyright
  (C) NAKANO Takeo, 2001.z