diff --git a/SOURCES/setup-named-chroot.sh b/SOURCES/setup-named-chroot.sh
index d7de36a..2326c49 100755
--- a/SOURCES/setup-named-chroot.sh
+++ b/SOURCES/setup-named-chroot.sh
@@ -1,9 +1,12 @@
 #!/bin/bash
 
+# Warning: the order is important
+# If a directory containing $ROOTDIR is listed here,
+# it MUST be listed last. (/var/named contains /var/named/chroot)
 ROOTDIR_MOUNT='/etc/localtime /etc/named /etc/pki/dnssec-keys /etc/named.root.key /etc/named.conf
-/etc/named.dnssec.keys /etc/named.rfc1912.zones /etc/rndc.conf /etc/rndc.key
-/usr/lib64/bind /usr/lib/bind /etc/named.iscdlv.key /run/named /var/named
-/etc/protocols /etc/services'
+/etc/named.dnssec.keys /etc/named.rfc1912.zones /etc/rndc.conf /etc/rndc.key /etc/named.iscdlv.key /etc/protocols /etc/services
+/usr/lib64/bind /usr/lib/bind /run/named
+/var/named'
 
 usage()
 {
diff --git a/SPECS/bind.spec b/SPECS/bind.spec
index f65cc3c..58bb869 100644
--- a/SPECS/bind.spec
+++ b/SPECS/bind.spec
@@ -25,7 +25,7 @@ Summary:  The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name:     bind
 License:  ISC
 Version:  9.9.4
-Release:  51%{?PATCHVER}%{?PREVER}%{?dist}
+Release:  51%{?PATCHVER}%{?PREVER}%{?dist}.1
 Epoch:    32
 Url:      http://www.isc.org/products/BIND/
 Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -1131,6 +1131,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %endif
 
 %changelog
+* Fri Oct 20 2017 Petr Menšík <pemensik@redhat.com> - 32:9.9.4-51.1
+- Fix named-chroot restart leak (#1504700)
+
 * Thu Jun 29 2017 Petr Menšík <pemensik@redhat.com> - 32:9.9.4-51
 - Fix CVE-2017-3142 and CVE-2017-3143