# /etc/init.d/bind9 stop
We need to edit /etc/default/bind9 so that the daemon runs as the unprivileged user bind, chrooted to /var/lib/named. Change the content to:
OPTS="-u bind -t /var/lib/named"
Create the required directories under /var/lib:
# mkdir -p /var/lib/named/etc
# mkdir /var/lib/named/dev
# mkdir -p /var/lib/named/var/cache/bind
# mkdir -p /var/lib/named/var/run/bind/run
To move the config directory and create a symlink that prevents trouble on future updates, run:
# mv /etc/bind /var/lib/named/etc
# ln -s /var/lib/named/etc/bind /etc/bind
Depending on your configuration, you may need to create or move more files or directories.
Finally, we need to modify the start options of syslogd so that it also listens on a log socket inside the chroot. Add -a /var/lib/named/dev/log to the value of SYSLOGD in /etc/init.d/sysklogd and restart the daemons:
# /etc/init.d/sysklogd restart
# /etc/init.d/bind9 start
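
A check of the layout produced by the steps above, added here as an example and not part of the original how-to. The function name check_bind_chroot and its prefix argument are hypothetical, and the script assumes OPTS and SYSLOGD are set on lines that start with the variable name.

```sh
#!/bin/sh
# Added example: audit the chroot layout built by the steps above.
# check_bind_chroot PREFIX: PREFIX is a hypothetical helper argument;
# "" audits the live system, a directory audits a staged copy of the tree.
# Usage on the live system:  check_bind_chroot ""
check_bind_chroot() {
    root="${1:-}"
    jail="$root/var/lib/named"
    fails=0

    fail() { echo "FAIL: $1"; fails=$((fails + 1)); }

    # Directories created with mkdir, plus the moved config directory.
    for d in etc/bind dev var/cache/bind var/run/bind/run; do
        [ -d "$jail/$d" ] || fail "missing directory $jail/$d"
    done

    # /etc/bind must be a symlink into the jail, not a leftover real directory.
    if [ -L "$root/etc/bind" ]; then
        target=$(readlink "$root/etc/bind")
        [ "$target" = "/var/lib/named/etc/bind" ] || fail "/etc/bind points to $target"
    else
        fail "/etc/bind is not a symlink"
    fi

    # OPTS must drop privileges (-u bind) and chroot (-t /var/lib/named).
    # Assumption: OPTS is assigned on a line starting with "OPTS=".
    opts=$(grep '^OPTS=' "$root/etc/default/bind9" 2>/dev/null) || opts=""
    case "$opts" in *"-u bind"*) ;; *) fail "OPTS lacks -u bind" ;; esac
    case "$opts" in *"-t /var/lib/named"*) ;; *) fail "OPTS lacks -t /var/lib/named" ;; esac

    # syslogd needs the extra socket, or the jailed named cannot log.
    # Assumption: SYSLOGD is assigned on a line starting with "SYSLOGD=".
    grep '^SYSLOGD=' "$root/etc/init.d/sysklogd" 2>/dev/null \
        | grep -q -e '-a /var/lib/named/dev/log' \
        || fail "SYSLOGD lacks -a /var/lib/named/dev/log"

    [ "$fails" -eq 0 ] && echo "OK: chroot layout matches"
    return "$fails"
}
```

The return status is the number of failed checks, so 0 means every item from the procedure is in place.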