> this seems to be relevant in chroot environments; > > as I noticed when configuring the DDNS-feature, that this is a little > bit > weired, when running in a chroot environment; I saw the recommendation > not > to use a chroot in the man-page and removed bind-chroot and then the > zone > updates worked perfekt; > > so this file /etc/named.root.key isn't really used; or am I missing > something? These files are included in both my /etc/named.conf and /usr/share/doc/bind-x.x.x/named.conf.default which I probably used as a template years ago. I'm no dns expert but you'd probably need these files when accessing root servers directly without use of forwarders. I'm also using ddns and have my zone files in /var/named/chroot/var/named/dynamic. Selinux is enabled and I don't see any additional bind-related rules in my local policy or /etc/selinux/targeted/contexts/files/file_contexts.local.