I wonder if running bind (not as root, of course) in a chroot jail is really worth the hassle. If you give it a correct uid/gid it'll only have access to public read-only files after all. If it were just a config option it'd be fine, but there's the mess with libs et. al. that does need some determination to overcome...