[CentOS] bind-chroot rpm only builds chroot tree?

Fri Feb 15 01:47:12 UTC 2013
Robert Moskowitz <rgm at htt-consult.com>

I just downloaded the bind-chroot rpm and looked into it with Archive 
manager (so I am lazy), and no files, just the chroot tree. I am 
assuming there is some script that Archive manager does not show, or I 
am just missing it, because the ROOTDIR= did get added to 
/etc/sysconfig/named (and the one in the bind rpm is without this line).

Just interesting that if you chroot, you are expected to know that 
everything needs to be placed there.  And they leave the /etc/named.conf 
there untouched.  Seems they should remove this or make it a symlink?

And what about /etc/rndc.key?  Your chrooted bind uses the 
/var/named/chroot/etc/rndc.key and rndc uses the /etc/rndc.key, or so it 
seems, so your rndc.key is left unprotected outside of the chroot jail?  
Am I missing something in the rndc setup with chrooted bind?  I am not 
seeing any special instructions on this in the Red Hat documentation.
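
An added example, not part of the original post: a shell audit of the two rndc.key locations the post names, reporting whether they are the same file, identical copies or different keys, and whether either is accessible to other users. The function names are hypothetical; the optional prefix argument (for auditing a staged tree) and GNU stat are assumptions.

```shell
#!/bin/bash
# Added example: audit both rndc.key locations on a host running chrooted BIND.
# Assumptions: chroot at /var/named/chroot (path from the post), GNU stat,
# hypothetical function names. Package scriptlets that an archive viewer
# does not display can be listed with: rpm -qp --scripts <package>.rpm

CHROOT_REL=var/named/chroot

# Print "missing" or the octal mode of the file (symlinks followed).
key_mode() {
    [ -e "$1" ] || { echo missing; return; }
    stat -L -c '%a' "$1"
}

# Succeed if the "other" permission digit grants any access.
world_accessible() {
    case "$(key_mode "$1")" in
        *[1-7]) return 0 ;;
    esac
    return 1
}

# Classify how the host key and the chroot key relate.
key_relation() {
    host="$1/etc/rndc.key"; jail="$1/$CHROOT_REL/etc/rndc.key"
    if [ ! -e "$host" ] || [ ! -e "$jail" ]; then echo incomplete
    elif [ "$host" -ef "$jail" ]; then echo same-file   # symlink or hard link
    elif cmp -s "$host" "$jail"; then echo identical    # two copies to protect
    else echo different                                 # rndc and named disagree
    fi
}

# Usage: audit_rndc_keys [prefix]; returns 1 if anything needs attention.
audit_rndc_keys() {
    root="${1:-}"; rc=0
    for f in "$root/etc/rndc.key" "$root/$CHROOT_REL/etc/rndc.key"; do
        echo "$f mode=$(key_mode "$f")"
        if world_accessible "$f"; then
            echo "  WARN: accessible to other users"; rc=1
        fi
    done
    rel=$(key_relation "$root")
    echo "relation: $rel"
    [ "$rel" = different ] && rc=1
    return $rc
}
```

Calling `audit_rndc_keys` with no argument inspects the live system; reading the key files may require root.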