PowerDNS' configuration folder is /etc/powerdns.
Ebuild sets permissions to 700 and user/group is root. PowerDNS drops privileges after start and runs (sub-)processes as pdns/pdns. For example using bind backend fails, because pdns can't read files in /etc/powerdns.
Jan 7 13:21:53 host2 pdns: Distributor caught fatal exception: Unable to open '/etc/powerdns/named.conf': Permission denied
Steps to Reproduce:
1. emerge net-dns/pdns
2. ls -l /etc | grep powerdns
drwx------ 2 root root 4096 Jan 5 22:52 powerdns
drwx------ 2 pdns pdns 4096 Jan 5 22:52 powerdns
drwxr-xr-x 2 root root 4096 Jan 5 22:52 powerdns
Both expexted results fix this issue. IMHO setting to pdns:pdns seems to be the best way, because pdns started as root has permissions implicit.
setting /etc/powerdns to pdns:pdns not the best way.
the pdns_server and pdns_recursor only needs access to read configuration files
best way is to set recursive permissions for /etc/powerdns to root:pdns
chown -R root:pdns /etc/powerdns
chmod 750 /etc/powerdns
chmod 640 /etc/powerdns/*.conf
affected not only 4.0 , also 4.3 latest in portage tree.
If you use systemd, after installing version 4.3.0 it is even impossible to start a service until permissions are fixed as shown above.