Newer BIND versions support Type=notify process supervision under systemd, which requires additional configuration steps for chrooted setups. We will bind-mount some of the systemd sockets into the chroot using a drop-in:
[Service]
ExecStartPre=/usr/bin/mount --bind /run/systemd/journal/socket /var/named/run/systemd/journal/socket
ExecStartPre=/usr/bin/mount --bind /run/systemd/journal/stdout /var/named/run/systemd/journal/stdout
ExecStartPre=/usr/bin/mount --bind /run/systemd/notify /var/named/run/systemd/notify
ExecStopPost=/usr/bin/umount /var/named/run/systemd/journal/socket /var/named/run/systemd/journal/stdout /var/named/run/systemd/notify
To make this work, we need to manually create the systemd sockets inside our chroot environment. Additionally, we need to adapt the directory permissions appropriately, e.g. chown -R bind: /var/named/run/systemd/
mkdir -p /var/named/run/systemd/journal
The actual socket permissions can be either relaxed or restrictive for our setup as they will be overwritten once the service is started.
touch /var/named/run/systemd/notify
touch /var/named/run/systemd/journal/{socket,stdout}
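A check for the drop-in above, added here as an example and not part of the original page: it confirms that each mount --bind line has a separate source and target, that the target mirrors the source under the chroot, and that ExecStopPost unmounts it. The function names and the two sample drop-ins are constructed for illustration; /var/named is the chroot path used above.

```shell
#!/bin/sh
# Added example (not from the original page): lint the chroot drop-in.
# check_dropin CHROOT FILE succeeds when every "mount --bind SRC DST" line has
# two arguments, DST equals CHROOT+SRC, and ExecStopPost unmounts DST.
check_dropin() {
    chroot_dir=$1 dropin=$2 rc=0 mounted="" unmounted=""
    while IFS= read -r line; do
        case $line in
            ExecStartPre=*"mount --bind "*)
                set -- ${line#*--bind }   # word-split into SRC and DST
                if [ $# -ne 2 ]; then
                    echo "need SRC and DST: $line" >&2; rc=1; continue
                fi
                [ "$2" = "$chroot_dir$1" ] ||
                    { echo "$2 does not mirror $1 under $chroot_dir" >&2; rc=1; }
                mounted="$mounted $2" ;;
            ExecStopPost=*"umount "*)
                unmounted="$unmounted ${line#*umount }" ;;
        esac
    done < "$dropin"
    [ -n "$mounted" ] || { echo "no bind mounts found" >&2; rc=1; }
    for dst in $mounted; do
        case " $unmounted " in
            *" $dst "*) ;;
            *) echo "no umount for $dst" >&2; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed samples: the drop-in with its arguments intact, and a copy in
# which one source/target pair has lost its separating space.
good_dropin() {
    cat <<'EOF'
[Service]
ExecStartPre=/usr/bin/mount --bind /run/systemd/journal/socket /var/named/run/systemd/journal/socket
ExecStartPre=/usr/bin/mount --bind /run/systemd/journal/stdout /var/named/run/systemd/journal/stdout
ExecStartPre=/usr/bin/mount --bind /run/systemd/notify /var/named/run/systemd/notify
ExecStopPost=/usr/bin/umount /var/named/run/systemd/journal/socket /var/named/run/systemd/journal/stdout /var/named/run/systemd/notify
EOF
}
bad_dropin() { good_dropin | sed 's#/notify /var#/notify/var#'; }

tmp=$(mktemp)
good_dropin > "$tmp"; check_dropin /var/named "$tmp" && echo "good: ok"
bad_dropin  > "$tmp"; check_dropin /var/named "$tmp" || echo "bad: rejected"
rm -f "$tmp"
```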