--- bind/bin/named/include/named/globals.h
+++ bind/bin/named/include/named/globals.h
@@ -101,7 +101,7 @@ EXTERN isc_resourcevalue_t	ns_g_initopenfiles	INIT(0);
  * Misc.
  */
 EXTERN isc_boolean_t		ns_g_coreok		INIT(ISC_TRUE);
-EXTERN const char *		ns_g_chrootdir		INIT(NULL);
+EXTERN const char *		ns_g_chrootdir		INIT("@ROOT@");
 EXTERN isc_boolean_t		ns_g_foreground		INIT(ISC_FALSE);
 EXTERN isc_boolean_t		ns_g_logstderr		INIT(ISC_FALSE);
 
@@ -111,7 +111,7 @@ EXTERN const char *		lwresd_g_defaultpidfile INIT(NS_LOCALSTATEDIR
 							    "/run/lwresd.pid");
 EXTERN const char *		ns_g_pidfile		INIT(NS_LOCALSTATEDIR
 							    "/run/named.pid");
-EXTERN const char *		ns_g_username		INIT(NULL);
+EXTERN const char *		ns_g_username		INIT("named");
 
 EXTERN int			ns_g_listen		INIT(3);
 
--- bind/bin/named/named.8
+++ bind/bin/named/named.8
@@ -41,7 +41,7 @@ is a Domain Name System (DNS) server, part of the BIND 9 distribution from ISC.
 .PP
 When invoked without arguments,
 \fBnamed\fR
-will read the default configuration file
+will \fBchroot()\fR to \fI@ROOT@\fR, read the default configuration file
 \fI/etc/named.conf\fR, read any initial data, and listen for queries.
 .SH "OPTIONS"
 .PP
@@ -68,7 +68,7 @@ are mutually exclusive.
 Use
 \fIconfig\-file\fR
 as the configuration file instead of the default,
-\fI/etc/named.conf\fR. To ensure that reloading the configuration file continues to work after the server has changed its working directory due to to a possible
+\fI@ROOT@/etc/named.conf\fR. To ensure that reloading the configuration file continues to work after the server has changed its working directory due to a possible
 \fBdirectory\fR
 option in the configuration file,
 \fIconfig\-file\fR
@@ -150,6 +150,7 @@ reserves some file descriptors for its internal use.
 to
 \fIdirectory\fR
 after processing the command line arguments, but before reading the configuration file.
+By default, \fBnamed\fR \fBchroot()\fR's to \fI@ROOT@\fR.
 .RS
 .B "Warning:"
 This option should be used in conjunction with the
@@ -166,6 +167,7 @@ is defined allows a process with root privileges to escape a chroot jail.
 to
 \fIuser\fR
 after completing privileged operations, such as creating sockets that listen on privileged ports.
+By default, \fBnamed\fR will run as user \fInamed\fR.
 .RS
 .B "Note:"
 On Linux,