I rebuilt my server and setup bind to log queries in a chroot. ################################################################################ # Logging Configuration # logging { # # Define channels for the two log files # channel query_log { severity info; print-time yes; file "/var/log/query.log" versions 3 size 100M; }; channel activity_log { severity info; print-time yes; print-category yes; print-severity yes; file "/var/log/activity.log" versions 3 size 100M; Below is the security context of the files in the chroot. [root at josh log]# ls -alZ /var/named/chroot/var/log/activity.log -rw-r--r-- named named root:object_r:named_conf_t /var/named/chroot/var/log/activity.log [root at josh log]# ls -alZ /var/named/chroot/var/log/query.log -rw-r--r-- named named root:object_r:named_conf_t /var/named/chroot/var/log/query.log I temporarily disabled selinux but there was one simple step I missed (forgot since i did this years ago). I briefly recall creating a symlink and/or using chcon or one of the selinux commands. Thanks, Josh