Comment 9 for bug 236510

for what it's worth, here is my /etc/apparmor.d/local/usr.sbin.named:

   /var/bind9/chroot/etc/bind/** r,
   /var/bind9/chroot/var/lib/bind/** rw,
   /var/bind9/chroot/var/lib/bind/ rw,
   /var/bind9/chroot/var/cache/bind/** rw,
   /var/bind9/chroot/var/cache/bind/ rw,
   /var/bind9/chroot/var/run/named/named.pid w,
   /var/bind9/chroot/var/run/named/session.key w,
   /var/bind9/chroot/dev/random r,
   /var/bind9/chroot/dev/log w,
   /var/bind9/chroot/dev/null rw,

# support for resolvconf
   /{,var/,var/bind9/chroot/}run/named/named.options r,
   /var/bind9/chroot/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/libgost.so rm,

No warantee at all, but it works for me (precise).