Comment 7 for bug 236510

Jamie Strandboge (jdstrand) wrote :

The AppArmor profile contains bind9 in a similar way that the traditional chrooting does. There is no reason to chroot bind9 on Ubuntu if you are using the AppArmor profile. The reason why the profile was developed was so that all bind9 users would benefit from the enhanced security of running bind9 under confinement, and not require users to have to diverge from the standard installation and use chroot.

Users are welcome to use traditional chrooting if they prefer, and need only disable the AppArmor profile by performing:
$ sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.named
$ sudo ln -s /etc/apparmor.d/usr.sbin.named /etc/apparmor.d/disable/usr.sbin.named

The first unloads the profile from the kernel, and the second disables the profile on boot.
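
One way to confirm the effect of each of the two commands above, as an added example that is not part of the original comment: the function reports whether the profile is currently loaded in the kernel and whether it will be loaded at boot. The function name is hypothetical, and it assumes the profile is named /usr/sbin/named after the binary it confines and that the kernel's profile list is readable at /sys/kernel/security/apparmor/profiles.

```shell
#!/bin/sh
# Added example, not part of the original comment.
# Usage (as root, on a live system):
#   named_confinement_state /sys/kernel/security/apparmor/profiles /etc/apparmor.d
# Prints "<runtime> <boot>":
#   runtime = enforce | complain | unloaded | unknown (list not readable)
#   boot    = enabled | disabled
named_confinement_state() {
    profiles_file=$1
    apparmor_dir=$2
    # Assumption: the profile is named after the path of the confined binary.
    profile=/usr/sbin/named

    if [ ! -r "$profiles_file" ]; then
        runtime=unknown
    else
        runtime=unloaded
        # Each line of the kernel list reads "<profile name> (<mode>)".
        # Matching on "<name> (" excludes child profiles such as
        # "/usr/sbin/named//helper".
        while IFS= read -r line; do
            case $line in
                "$profile ("*")")
                    mode=${line#"$profile ("}
                    runtime=${mode%")"}
                    ;;
            esac
        done < "$profiles_file"
    fi

    # The second command creates this link; its presence is what disables
    # the profile on boot. -L also catches a dangling symlink.
    link=$apparmor_dir/disable/usr.sbin.named
    if [ -e "$link" ] || [ -L "$link" ]; then
        boot=disabled
    else
        boot=enabled
    fi

    printf '%s %s\n' "$runtime" "$boot"
}
```

A result of "enforce disabled" means only the symlink step was done and named stays confined until the profile is unloaded or the machine reboots; "unloaded enabled" means the profile will be loaded again at the next boot.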