<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
<TITLE>Chroot-BIND8 HOWTO: �$B$G$-$?$F$N�(B BIND �$B$N%$%s%9%H!<%k�(B</TITLE>
<LINK HREF="Chroot-BIND8-HOWTO-5.html" REL=next>
<LINK HREF="Chroot-BIND8-HOWTO-3.html" REL=previous>
<LINK HREF="Chroot-BIND8-HOWTO.html#toc4" REL=contents>
</HEAD>
<BODY>
<A HREF="Chroot-BIND8-HOWTO-5.html">�$B<!$N%Z!<%8�(B</A>
<A HREF="Chroot-BIND8-HOWTO-3.html">�$BA0$N%Z!<%8�(B</A>
<A HREF="Chroot-BIND8-HOWTO.html#toc4">�$BL\<!$X�(B</A>
<HR>
<H2><A NAME="installing"></A> <A NAME="s4">4. �$B$G$-$?$F$N�(B BIND �$B$N%$%s%9%H!<%k�(B</A></H2>
<P>�$B4{$K�(B BIND �$B$,�(B (�$BNc$($P�(B RPM �$B$+$i�(B) �$B%$%s%9%H!<%k:Q$_$J$i!"�(B
�$B?7$7$$�(B BIND �$B$r%$%s%9%H!<%k$9$kA0$K!"$=$l$i$r:o=|$7$F$*$-$^$7$g$&!#�(B
Red Hat �$B$N%7%9%F%`$J$i!"�(B
<CODE>bind</CODE> �$B%Q%C%1!<%8$H�(B <CODE>bind-utils</CODE> �$B%Q%C%1!<%8$r:o=|$9$l$P$$$$$G$9!#�(B
�$B$b$7�(B <CODE>bind-devel</CODE> �$B$d�(B <CODE>caching-nameserver</CODE> �$B$,$"$C$?$i!"�(B
�$B$=$l$i$b:o=|$7$F$*$-$^$7$g$&!#�(B
<P>init �$B%9%/%j%W%H�(B (<CODE>/etc/rc.d/init.d/named</CODE>)
�$B$,$"$C$?$i!"%Q%C%1!<%8$N:o=|A0$K%3%T!<$rJ]B8$7$F$*$/$H$$$$$G$7$g$&!#�(B
�$B8e$GLr$KN)$A$^$9!#�(B
<P>
<H2><A NAME="ss4.1">4.1 jail �$B30It$X$N%D!<%k$N%$%s%9%H!<%k�(B</A>
</H2>
<P>�$B$3$l$O4JC1$JJ}$G$9�(B :-)
<CODE>make install</CODE> �$B$r<B9T$9$l$PA4It$d$C$F$/$l$^$9!#�(B
chroot �$B$G$J$$$[$&$N�(B BIND �$B$r4V0c$C$F<B9T$7$J$$$h$&$K!"�(B
�$B$"$H$G�(B <CODE>chmod 000 /usr/local/sbin/named</CODE>
�$B$r<B9T$7$F$*$/$H$$$$$+$b$7$l$^$;$s�(B
(�$B@h$K;d$,$*$9$9$a$7$?�(B <CODE>/usr/local/sbin</CODE>
�$B$rA*$P$J$+$C$??M$O!"�(B
�$B$3$3$G$O�(B <CODE>/usr/sbin/named</CODE> �$B$K$J$j$^$9�(B)�$B!#�(B
<P>�$B!ZLuCm�(B: �$B%P%$%J%j$N:F%S%k%I$r$7$J$1$l$P!"$3$3$N:n6H$OITMW$G$9$M!#![�(B
<P>
<H2><A NAME="ss4.2">4.2 �$B%P%$%J%j�(B</A>
</H2>
<P>chroot jail �$B$NCf$G@83h$9$kI,MW$,$"$k$N$O�(B 2 �$B$D$N%W%m%0%i%`$@$1$G$9!#�(B
�$B%a%$%s$N�(B <CODE>named</CODE> �$B%G!<%b%s<+?H$H�(B
<CODE>named-xfer</CODE> �$B$G$9!#8e<T$O%>!<%sE>Aw$KMQ$$$i$l$^$9!#�(B
�$B%=!<%9%D%j!<$+$i%3%T!<$9$k$@$1$G�(B OK �$B$G$9!#�(B
<BLOCKQUOTE><CODE>
<PRE>
# cp src/bin/named/named /chroot/named/bin
# cp src/bin/named-xfer/named-xfer /chroot/named/bin
</PRE>
</CODE></BLOCKQUOTE>
<P>�$B!ZLuCm�(B:
<A NAME="trans_dir-structure"></A>
�$B%P%$%J%j$N:F%S%k%I$r$7$J$1$l$P!"�(B
�$B$3$3$G$O%Q%C%1!<%8$K4^$^$l$k�(B <CODE>named</CODE>,
<CODE>named-xfer</CODE> �$B$r0\F0$9$l$PNI$$$G$9!#�(B
�$BLu<T$H$7$^$7$F$O!"�(B
�$B0\F0@h$K$O%G%U%)%k%H$rH?1G$5$;$F�(B <CODE>/chroot/named/usr/sbin</CODE>
�$B$NJ}$r$*$9$9$a$7$?$$$N$G$9$,!#![�(B
<P>
<H2><A NAME="ss4.3">4.3 init �$B%9%/%j%W%H$rJT=8$9$k!#�(B</A>
</H2>
<P>�$B%G%#%9%H%j%S%e!<%7%g%s$K4^$^$l$F$$$k�(B init �$B%9%/%j%W%H$,$"$l$P!"�(B
�$B$=$l$r�(B <CODE>/chroot/named/bin/named</CODE> �$B$r�(B
�$BE,@Z$J%9%$%C%A$H$H$b$K5/F0$9$k$h$&JQ99$9$k$N$,:G$b4JC1$G$7$g$&!#�(B
�$B%9%$%C%A$O�(B... <I>(�$B$3$3$G%I%i%`%m!<%k�(B...)</I>
<UL>
<LI><CODE>-u named</CODE>, �$B$3$l$O�(B BIND �$B$r%f!<%6�(B <CODE>root</CODE> �$B$G$O$J$/�(B <CODE>named</CODE>
�$B$G<B9T$7$^$9!#�(B</LI>
<LI><CODE>-g named</CODE>, �$B$3$l$O�(B BIND �$B$r%0%k!<%W�(B <CODE>root</CODE> �$B$d�(B <CODE>wheel</CODE> �$B$G$O$J$/�(B
<CODE>named</CODE> �$B$G<B9T$7$^$9!#�(B</LI>
<LI><CODE>-t /chroot/named</CODE>, �$B$3$l$O$K$h$j�(B BIND �$B$O<+J,<+?H$r�(B
(�$B@h$KMQ0U$7$?�(B) jail �$B$K�(B chroot �$B$7$^$9!#�(B</LI>
</UL>
<P>�$B0J2<$N�(B init �$B%9%/%j%W%H$O!"Cx<T$,<+J,$N�(B
Red Hat 6.0 �$B%7%9%F%`$G;H$C$F$$$k$b$N$G$9!#�(B
�$B$*$o$+$j$N$H$*$j!"$[$H$s$I$O�(B Red Hat �$B$N$b$N$HJQ$o$j$"$j$^$;$s!#�(B
<CODE>ndc restart</CODE> �$B%3%^%s%I$b>/!9JQ99$7!"�(B
chroot �$B$rJ]$C$?$^$^@5$7$/%5!<%P$r:F5/F0$9$k$h$&$K$7$F$"$j$^$9!#�(B
�$B$3$l$r$=$N$^$^%3%T!<$7$?$@$1$G$O;H$($J$$>l9g$G$b!"�(B
�$B$*;H$$$N�(B init �$B%9%/%j%W%H$KF1$8JQ99$O4JC1$K9T$($k$O$:$G$9!#�(B
<HR>
<PRE>
#!/bin/sh
#
# named This shell script takes care of starting and stopping
# named (BIND DNS server).
#
# chkconfig: 345 55 45
# description: named (BIND) is a Domain Name Server (DNS) \
# that is used to resolve host names to IP addresses.
# probe: true
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0
[ -f /chroot/named/bin/named ] || exit 0
[ -f /chroot/named/etc/named.conf ] || exit 0
# See how we were called.
case "$1" in
start)
# Start daemons.
echo -n "Starting named: "
daemon /chroot/named/bin/named -u named -g named -t /chroot/named
echo
touch /var/lock/subsys/named
;;
stop)
# Stop daemons.
echo -n "Shutting down named: "
killproc named
rm -f /var/lock/subsys/named
echo
;;
status)
/usr/local/sbin/ndc status
exit $?
;;
restart)
/usr/local/sbin/ndc -n /chroot/named/bin/named "restart -u named -g named -t /chroot/named"
exit $?
;;
reload)
/usr/local/sbin/ndc reload
exit $?
;;
probe)
# named knows how to reload intelligently; we don't want linuxconf
# to offer to restart every time
/usr/local/sbin/ndc reload >/dev/null 2>&1 || echo start
exit 0
;;
*)
echo "Usage: named {start|stop|status|restart}"
exit 1
esac
exit 0
</PRE>
<HR>
<P>Caldera OpenLinux �$B%7%9%F%`$G$O!"�(B
�$B@hF,IU6a$GDj5A$5$l$F$$$kJQ?t$r=$@5$7!"0J2<$N$h$&$K$9$l$P�(B OK �$B$G$9!#�(B
<BLOCKQUOTE><CODE>
<PRE>
NAME=named
DAEMON=/chroot/named/bin/$NAME
OPTIONS="-t /chroot/named -u named -g named"
</PRE>
</CODE></BLOCKQUOTE>
<P>�$B!ZLuCm�(B:
�$B@h$K=R$Y$?$h$&$K!"�(B
<CODE>ndc</CODE> �$B$K�(B <CODE>-c</CODE>, <CODE>-p</CODE>, <CODE>-n</CODE> �$B$J$I$N%*%W%7%g%s$rMQ$$$l$P!"�(B
�$B%P%$%J%j$N:F%3%s%Q%$%k$OLu<T$N4D6-$G$OITMW$G$7$?!#�(B
�$BLu<T$,�(B Debian �$B$G;H$C$F$$$k�(B init �$B%9%/%j%W%H�(B
(<CODE>/etc/init.d/bind</CODE>) �$B$r0J2<$K<($7$^$9!#�(B
<HR>
<PRE>
#!/bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin
test -x /chroot/named/usr/sbin/named || exit 0
case "$1" in
start)
echo -n "Starting domain name service: named"
start-stop-daemon --start --quiet --exec /chroot/named/usr/sbin/named \
-- -u named -g named -t /chroot/named
echo "."
;;
stop)
echo -n "Stopping domain name service: named"
start-stop-daemon --stop --quiet \
--pidfile /chroot/named/var/run/named.pid \
--exec /chroot/named/usr/sbin/named
echo "."
;;
restart)
/usr/sbin/ndc -c /chroot/named/var/run/ndc \
-n /chroot/named/usr/sbin/named \
-p /chroot/named/var/run/named.pid \
"restart -u named -g named -t /chroot/named"
;;
reload)
/usr/sbin/ndc -c /chroot/named/var/run/ndc \
-n /chroot/named/usr/sbin/named \
-p /chroot/named/var/run/named.pid \
reload
;;
force-reload)
$0 restart
;;
*)
echo "Usage: /etc/init.d/bind {start|stop|reload|restart|force-reload}" >&2
exit 1
;;
esac
exit 0
</PRE>
<HR>
�$B%P%$%J%j%U%!%$%k�(B (<CODE>named</CODE> �$B$H�(B <CODE>named-xfer</CODE>) �$B$NCV>l=j$O�(B
<A HREF="#trans_dir-structure">�$B%G%#%l%/%H%j9=B$$K4X$9$kLuCm�(B</A>
�$B$N$H$3$m$G=q$$$?$h$&$K!"�(Bchroot jail �$BFb$N�(B <CODE>/usr/sbin</CODE> �$B$K$7$F$$$^$9!#![�(B
<P>
<H2><A NAME="ss4.4">4.4 �$B@_Dj$rJQ99$9$k�(B</A>
</H2>
<P><CODE>named.conf</CODE> �$B$K$b$$$/$D$+DI2C!&=$@5$r9T$$!"�(B
�$B$$$m$$$m$J%G%#%l%/%H%j$,@5$7$/F0:n$9$k$h$&$K$9$kI,MW$,$"$j$^$9!#�(B
�$BFC$K!"0J2<$r�(B <CODE>option</CODE> �$B%;%/%7%g%s$KDI2C�(B (�$B$"$k$$$O$9$G$K$"$l$P=$@5�(B)
�$B$7$J$1$l$P$J$j$^$;$s!#�(B
<BLOCKQUOTE><CODE>
<PRE>
directory "/etc/namedb";
pid-file "/var/run/named.pid";
named-xfer "/bin/named-xfer";
</PRE>
</CODE></BLOCKQUOTE>
�$B$3$l$i$N%U%!%$%k$O�(B <CODE>named</CODE> �$B%G!<%b%s$,FI$`$3$H$K$J$k$N$G!"�(B
�$B$b$A$m$s%Q%9$O$9$Y$F�(B chroot jail �$BFbIt$G$NAjBP0LCV$K$J$j$^$9!#�(B
<P>�$B!ZLuCm�(B:
<A HREF="Chroot-BIND8-HOWTO-2.html#trans_named.conf">named.conf �$B$K4X$9$kLuCm�(B</A>
�$B$N$H$3$m$G=q$-$^$7$?$,!"�(B
directory �$B$O0l;~%U%!%$%k$NCV$->l=j$G$"$k$HF1;~$K�(B
�$B%>!<%s%U%!%$%k$N%Q%9;XDj$N%Y!<%9%G%#%l%/%H%j$K$J$k$H$3$m$G$9!#�(B
<P>pid-file �$B$O%G%U%)%k%H$HF1$8$J$N$GFC$K;XDj$NI,MW$O$J$7!"�(B
named-xfer �$B$O�(B
<A HREF="#trans_dir-structure">�$B%G%#%l%/%H%j9=B$$K4X$9$kLuCm�(B</A>
�$B$G=q$$$?$h$&$K!"%P%$%J%j$r�(B <CODE>/chroot/named/usr/sbin</CODE>
�$B$KCV$1$P;XDj$7$J$/$FNI$$$O$:$G$9!#![�(B
<P>�$B2??M$+$N?M$N%l%]!<%H$K$h$l$P!"�(B
�$B0J2<$NM>J,$J%V%m%C%/$r�(B <CODE>named.conf</CODE> �$B$K=q$+$J$$$H!"�(B
<CODE>ndc</CODE> �$B$,@5$7$/F0:n$7$J$$!"$H$N$3$H$G$9!#�(B
<BLOCKQUOTE><CODE>
<PRE>
controls {
unix "/var/run/ndc" perm 0600 owner 0 group 0;
};
</PRE>
</CODE></BLOCKQUOTE>
<P>
<HR>
<A HREF="Chroot-BIND8-HOWTO-5.html">�$B<!$N%Z!<%8�(B</A>
<A HREF="Chroot-BIND8-HOWTO-3.html">�$BA0$N%Z!<%8�(B</A>
<A HREF="Chroot-BIND8-HOWTO.html#toc4">�$BL\<!$X�(B</A>
</BODY>
</HTML>
