Is there any reason why bind zone files should be writeable by the named user by default? If not, I recommend making var/bind owned by root:named. While we're at it, perhaps we should chmod o-rwx named.conf as well?
Looks like this bug is pretty old, but I'd second the recommendation. Unless a zone is dynamic it shouldn't really be writable by the bind service account.
It's needed for dynamic zones only. Considering that Gentoo doesn't install any preconfigured dynamic zones at all, no point for these that get installed to be named-writeable indeed.
Sorry for the delay... It's fixed in bind-9.7.0_p1 ;)
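One way to audit for the condition discussed in this thread, as an added example that is not part of the original report or of the Gentoo ebuild: it reads zone stanzas from a named.conf, skips zones that accept dynamic updates, and reports static master zone files whose mode bits let the service account write them. The function names, the sample config and the zone names are assumptions made for illustration.

```python
import os, re, stat, tempfile

# Constructed sample config, not taken from the bug report.
SAMPLE_CONF = '''
zone "static.example" { type master; file "static.zone"; allow-update { none; }; };
zone "locked.example" { type master; file "locked.zone"; };
zone "dyn.example" { type master; file "dyn.zone"; allow-update { key "ddns"; }; };
'''
ZONE_RE = re.compile(r'zone\s+"([^"]+)"[^{]*\{')
NONE_RE = re.compile(r'allow-update\s*\{\s*none\s*;\s*\}')

def zone_blocks(conf):
    """Yield (zone name, body), matching nested braces (comments not handled)."""
    for m in ZONE_RE.finditer(conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def is_dynamic(body):
    """Dynamic means allow-update (other than none) or update-policy is set."""
    body = NONE_RE.sub("", body)
    return "allow-update" in body or "update-policy" in body

def writable_by(path, uid, gid):
    """True if the mode bits let the given uid/gid (or everyone) write the file."""
    st = os.stat(path)
    return bool((st.st_uid == uid and st.st_mode & stat.S_IWUSR)
                or (st.st_gid == gid and st.st_mode & stat.S_IWGRP)
                or st.st_mode & stat.S_IWOTH)

def audit(conf, zone_dir, uid, gid):
    """Return (zone, path) for static master zones the service account can write."""
    findings = []
    for name, body in zone_blocks(conf):
        f = re.search(r'file\s+"([^"]+)"', body)
        is_master = re.search(r'type\s+(master|primary)\s*;', body)
        if not f or not is_master or is_dynamic(body):
            continue
        path = os.path.join(zone_dir, f.group(1))
        if os.path.exists(path) and writable_by(path, uid, gid):
            findings.append((name, path))
    return findings

if __name__ == "__main__":
    d = tempfile.mkdtemp()  # stand-in for the zone directory
    for fn, mode in (("static.zone", 0o644), ("locked.zone", 0o444), ("dyn.zone", 0o644)):
        open(os.path.join(d, fn), "w").close()
        os.chmod(os.path.join(d, fn), mode)
    # The current user stands in for the named account here.
    print(audit(SAMPLE_CONF, d, os.geteuid(), os.getegid()))
```

On a real host, pass the uid and gid of the named account and the directory that holds the zone files; the check looks only at file mode bits and ownership, not at the permissions of the directory itself.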