diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf
index e30ffd2e70e5..217f15cb2431 100644
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -121,8 +121,7 @@ inetd_flags="-wW"		# Optional flags to inetd
 #
 named_enable="NO"		# Run named, the DNS server (or NO).
 named_program="named"		# path to named, if you want a different one.
-named_flags=""			# Flags for named
-#named_flags="-u bind -g bind"	# Flags for named
+named_flags="-u bind -g bind"	# Flags for named
 
 #
 # kerberos. Do not run the admin daemons on slave servers
diff --git a/etc/mtree/BSD.var.dist b/etc/mtree/BSD.var.dist
index 62015b51a0e1..ec8ebf77de87 100644
--- a/etc/mtree/BSD.var.dist
+++ b/etc/mtree/BSD.var.dist
@@ -55,6 +55,8 @@
     preserve
     ..
     run
+        named           uname=bind gname=bind
+        ..
     ..
     rwho            gname=daemon mode=0775
     ..
diff --git a/etc/namedb/named.conf b/etc/namedb/named.conf
index 8a53cfa1f8dd..89cf388fd0f2 100644
--- a/etc/namedb/named.conf
+++ b/etc/namedb/named.conf
@@ -8,6 +8,7 @@
 
 options {
 	directory "/etc/namedb";
+	pid-file "/var/run/named/pid";
 
 // In addition to the "forwarders" clause, you can force your name
 // server to never initiate queries of its own, but always ask its