<application>BIND</application> will be configured to run in a <command>chroot</command> jail as an unprivileged user (<systemitem class="username">named</systemitem>). This configuration is more secure in that a DNS compromise can only affect a few files in the <systemitem class="username">named</systemitem> user's <envar>HOME</envar> directory.