The RPM upgrade to the new P7 patch level of Bind changes the way bind is run, so that it runs under user named, group named, instead of root.root. While a good move security-wise, the installation scripts were not sufficient to properly do this upgrade. I'm cleaning up a lot of systems by hand. Specifically, the /var/run/named.pid file should have been set to named.named ownership, and the entire contents of /var/named should have been set (i.e. chown -R named.named /var/named) to ensure all existing zone files in that directory are properly set. This last is especially important on secondary name servers, where those files must be overwritten by the running named process when zones are updated. I observed this behaviour with Redhat 6.1 plus patches, but it will certainly happen the same way on all releases to which this patch is applied.
Further problems. It's not enough to set ownership on /var/run/named.pid, since bind wants to be able to CREATE the pid file. My solution to this is to create a directory: /var/run/named which is owned by named.named, then alter /etc/named.conf to include in the options area: pid-file "/var/run/named/named.pid"; While this works, it appears it'll confuse the library of functions in /etc/rc.d/init.d/functions which expect the PID file to be in /var/run. The solution to this would be to alter the /etc/rc.d/init.d/named script to NOT use /etc/rc.d/init.d/functions at all. Is anyone at RedHat actually looking into a fixed RPM for this? I'm busy repatching a few dozen systems, but sooner or later the masses are going to scream for a fixed RPM.
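A small POSIX shell audit, added here as an example and not part of the bug report, that checks the two conditions described in the comments above: the directory holding the pid file (read from named.conf, falling back to /var/run/named.pid) and the whole zone tree must be owned by the unprivileged named user, otherwise named cannot create its pid file or rewrite secondary zone files. The user name "named", /etc/named.conf and /var/named are assumptions and can be passed in as arguments.

```shell
#!/bin/sh
# Added example, not code from the bug report. Assumes BIND runs as user
# "named" and that named.conf may carry an options { pid-file "..."; } line.

# Print the pid-file path configured in named.conf ($1), or the default ($2,
# /var/run/named.pid when omitted) if no pid-file directive is present.
named_pid_file() {
    conf="$1"; default="${2:-/var/run/named.pid}"
    # Match a line such as:   pid-file "/var/run/named/named.pid";
    pid=$(sed -n 's/^[[:space:]]*pid-file[[:space:]]*"\([^"]*\)"[[:space:]]*;.*/\1/p' "$conf" | head -n 1)
    if [ -n "$pid" ]; then
        printf '%s\n' "$pid"
    else
        printf '%s\n' "$default"
    fi
}

# List every path under $1 (including $1 itself) not owned by user $2.
# Empty output means everything is owned by that user.
not_owned_by() {
    find "$1" ! -user "$2"
}

# Audit: returns 0 when the named user owns the pid directory and the zone
# tree, 1 when something is wrong, 2 when the user does not exist.
# $1 = named.conf, $2 = zone directory, $3 = user (default "named")
audit_named_perms() {
    conf="$1"; zonedir="${2:-/var/named}"; user="${3:-named}"
    if ! id "$user" >/dev/null 2>&1; then
        echo "user $user does not exist; bind cannot drop privileges to it"
        return 2
    fi
    pidfile=$(named_pid_file "$conf")
    piddir=$(dirname "$pidfile")
    rc=0
    # named must own the directory, not just the file, because it CREATES
    # the pid file at startup.
    bad=$(not_owned_by "$piddir" "$user")
    if [ -n "$bad" ]; then
        echo "pid directory $piddir has entries not owned by $user:"
        echo "$bad"; rc=1
    fi
    # Secondaries overwrite zone files on transfer, so the whole tree must
    # be writable by the named user (the chown -R from the first comment).
    bad=$(not_owned_by "$zonedir" "$user")
    if [ -n "$bad" ]; then
        echo "zone files not owned by $user:"
        echo "$bad"; rc=1
    fi
    return $rc
}
```

Run it as root after the upgrade, e.g. `audit_named_perms /etc/named.conf /var/named named`; a non-zero exit lists exactly the paths that still need `chown named.named`.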
The current bind package uses /var/run/named/named.pid for its pid file as suggested in the bind FAQ.