diff --git a/bind-chroot-admin.in b/bind-chroot-admin.in
index 7d4a5d3..be6064d 100644
--- a/bind-chroot-admin.in
+++ b/bind-chroot-admin.in
@@ -55,11 +55,9 @@ function selinux_enabled()
 {
 if [ -x /usr/sbin/selinuxenabled ]; then
 /usr/sbin/selinuxenabled;
- if [ $? -eq 0 ]; then
- return 1;
- fi;
+ return $?;
 fi;
- return 0;
+ return 1;
 }

 function check_dirs()
@@ -209,6 +207,27 @@ function disable_bind_chroot()
 /bin/sed -i -e '/^ROOTDIR=/d' /etc/sysconfig/named;
 }

+function master_zone_writes_enabled()
+{
+ if selinux_enabled; then
+ if [ -x /usr/sbin/getsebool ]; then
+ named_write_master_zones=`/usr/sbin/getsebool named_write_master_zones | cut -d' ' -f3`;
+ if [ $named_write_master_zones == "on" ]; then
+ return 0;
+ else
+ return 1;
+ fi;
+ fi;
+ fi;
+
+ . /etc/sysconfig/named
+ if [ "$ENABLE_ZONE_WRITE" = [yY1]* ]; then
+ return 0;
+ fi;
+
+ return 1;
+}
+
 function sync_files()
 {
 rootdir;
@@ -248,9 +267,14 @@ function sync_files()
 };' > /etc/rndc.key;
 elif /bin/egrep -q '@KEY@' /etc/rndc.key; then
 /bin/sed -i -e 's^@KEY@^'`/usr/sbin/dns-keygen`'^' /etc/rndc.key ;
- fi
- chown -h root:named /var/named/* >/dev/null 2>&1;
- chown -h root:named ${BIND_CHROOT_PREFIX}/var/named/* >/dev/null 2>&1;
+ fi
+ if master_zone_writes_enabled; then
+ chown -h named:named /var/named/* >/dev/null 2>&1;
+ chown -h named:named ${BIND_CHROOT_PREFIX}/var/named/* >/dev/null 2>&1;
+ else
+ chown -h root:named /var/named/* >/dev/null 2>&1;
+ chown -h root:named ${BIND_CHROOT_PREFIX}/var/named/* >/dev/null 2>&1;
+ fi
 chown -h root:named /etc/{named,rndc}.* >/dev/null 2>&1;
 chown -h root:named ${BIND_CHROOT_PREFIX}/etc/{named,rndc}.* >/dev/null 2>&1;
 chmod 750 ${pfx}/var/named >/dev/null 2>&1;
diff --git a/bind.spec b/bind.spec
index 08ef4e4..6969022 100644
--- a/bind.spec
+++ b/bind.spec
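Review bot: selinux_enabled now returns 0 when SELinux is enabled, where the old body returned 1 in that case, so any caller written against the old values takes the opposite branch after this change. Only the new master_zone_writes_enabled caller is visible in this diff, so the remaining call sites in the script should be checked. A header comment would pin the contract, for example `# returns 0 if SELinux is enabled, 1 if it is disabled or selinuxenabled is not installed`.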
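Review bot: The `ENABLE_ZONE_WRITE` test in master_zone_writes_enabled cannot match a value such as `yes`, because inside `[ ]` the `=` operator compares literal strings and the unquoted `[yY1]*` is first expanded as a filename pattern against the current directory. As written, the sysconfig path returns 1 unless the variable holds the pattern text itself or a stray filename happens to match, so the setting is effectively ignored whenever the SELinux boolean is not consulted. A pattern-matching form fixes it: `case "$ENABLE_ZONE_WRITE" in [yY1]*) return 0;; esac`. The getsebool result should also be quoted, `if [ "$named_write_master_zones" == "on" ]; then`, so that an empty result (boolean missing or getsebool failing) does not become a `[` syntax error.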
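Review bot: The new `chown -h named:named /var/named/*` branch in sync_files gives the daemon account ownership of every top-level entry under /var/named, which is broader than the zone files that dynamic updates need to rewrite. Ownership also lets named change mode bits on those entries, and the glob matches subdirectories as well; if the chroot prefix is located under /var/named (its value is not visible here) the chroot directory itself would be re-owned. Consider restricting the change to the zone files, or granting group write instead of ownership, and state the intent in a comment such as `# named needs to own zone files to write journal/updated zones; keep everything else root:named`. Both branches send chown errors to `>/dev/null 2>&1`, so a failed ownership change goes unnoticed; sync_files starts and ends outside this hunk.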
@@ -480,7 +480,7 @@ for f in my.internal.zone.db slaves/my.slave.internal.zone.db slaves/my.ddns.int echo '@ in soa localhost. root 1 3H 15M 1W 1D ns localhost.' > sample/var/named/$f; done -/usr/bin/tail -n '+'`/bin/egrep -n '\\$Id: bind.spec,v 1.179 2007/05/07 10:23:57 atkac Exp $/+1/' | bc` bin/rndc/rndc.conf | sed '/Sample rndc configuration file./{p;i\ +/usr/bin/tail -n '+'`/bin/egrep -n '\\$Id: bind.spec,v 1.180 2007/05/15 12:17:17 atkac Exp $/+1/' | bc` bin/rndc/rndc.conf | sed '/Sample rndc configuration file./{p;i\ *\ * NOTE: you only need to create this file if it is to\ * differ from the following default contents: @@ -808,6 +808,9 @@ rm -rf ${RPM_BUILD_ROOT} %changelog +* Tue May 15 2007 Adam Tkac 31:9.4.1-3.fc7 +- fixed bind-chroot-admin dynamic DNS handling (#239149) + * Mon May 07 2007 Adam Tkac 31:9.4.1-2.fc7 - test build on new build system