1. Filesystem layout
On both deleuze and mire, BIND data lives in /etc/bind. This directory is seeded with the default files from the Debian bind9 package. Additionally, we add a zones subdirectory.
DomTool periodically deposits /etc/bind/named.conf.local, listing all of our hosted DNS zones and their master/slave statuses and configuration. DomTool also populates /etc/bind/zones with zonefiles referenced by /etc/bind/named.conf.local.
1.1. Permissions
/etc/bind/zones should be owned by user bind, since BIND seems to like creating temporary files there. I've only yet seen this matter during updating of slave zone information.