It is a good idea to run named as a user other than root, so that if it is compromised the privileges gained by the cracker are as limited as possible. You first have to create a user and group for named to run under, and then modify whatever init script you use that starts named. Pass the new username and group to named using the -u and -g flags.
For example, in Debian GNU/Linux 2.2 you might modify your
/etc/init.d/bind
script to have the following line (where
user and group named have been created:
start-stop-daemon --start --quiet --exec /usr/sbin/named -- -u named -g named
The same can be done with Red Hat and the other distributions. Dave Lugo has described a secure dual chroot setup http://www.etherboy.com/dns/chrootdns.html which you may find interesting to read.