Subject: Re: should bind9 have a chroot option?
To: None <netbsd-users@netbsd.org>
From: Chuck Yerkes <chuck+nbsd@2003.snew.com>
List: netbsd-users
Date: 04/07/2003 22:08:33
Quoting Steve Bellovin (smb@research.att.com):
> named has a chroot option. However, the bind9 package does
> not. I would think that it should.

Very much so. I like what OpenBSD has done internally to it:
let it open logs and devices it needs (/dev/zero?), get user info
(getpwent() etc), then, before it starts up, THEN chroot into its
area and become the user of choice.

I like intelligent programs that chroot themselves. It means I
no longer have to whack around with log directories and such.
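
The ordering described in this message (open logs, look up the user, then chroot and switch user), sketched in C as an added example that is not part of the original post and not BIND or OpenBSD code. `jail_self`, its error codes and the paths passed to it are hypothetical names chosen for illustration.

```c
#define _DEFAULT_SOURCE            /* glibc: expose chroot() and setgroups() */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

enum jail_err { JAIL_OK, JAIL_ELOG, JAIL_EUSER, JAIL_ECHROOT, JAIL_EDROP };

/* Hypothetical helper. Treat any non-OK result as fatal: the process may be
 * left half-confined, so the caller should exit rather than keep serving. */
enum jail_err jail_self(const char *logpath, const char *user,
                        const char *jaildir, FILE **logp)
{
    /* 1. Open what lives outside the jail while still unconfined. */
    FILE *log = fopen(logpath, "a");
    if (log == NULL) return JAIL_ELOG;

    /* 2. Resolve the account now; the jail has no passwd database. */
    struct passwd *pw = getpwnam(user);
    if (pw == NULL) { fclose(log); return JAIL_EUSER; }
    uid_t uid = pw->pw_uid;        /* copy out: pw points at static storage */
    gid_t gid = pw->pw_gid;

    /* 3. Confine the filesystem view, then move the cwd inside it. */
    if (chroot(jaildir) != 0 || chdir("/") != 0) { fclose(log); return JAIL_ECHROOT; }

    /* 4. Drop privileges: supplementary groups, then gid, and uid last;
     *    then confirm that root cannot be regained. */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0 ||
        (uid != 0 && setuid(0) == 0)) { fclose(log); return JAIL_EDROP; }

    *logp = log;                   /* still usable: opened before chroot */
    return JAIL_OK;
}

int main(int argc, char **argv)
{
    FILE *log = NULL;
    if (argc != 4) {
        fprintf(stderr, "usage: %s logfile user jaildir\n", argv[0]);
        return 2;
    }
    enum jail_err e = jail_self(argv[1], argv[2], argv[3], &log);
    if (e != JAIL_OK) { fprintf(stderr, "jail_self failed at step %d\n", e); return 1; }
    fprintf(log, "confined to %s as %s\n", argv[3], argv[2]);
    return 0;
}
```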