chroot implementation of bind and kea

[Viktor Dukhovni]

> On Nov 13, 2017, at 4:02 PM, Miroslav Lachman <000.fbsd at quip.cz> wrote:
> 
> I think keys can be updated by updating the port or by some dedicated
> periodic script. It seems safer to me.

In theory it may be safer.  In practice, it tends to not happen in a timely
manner, leading to outages.  Automated RFC 5011 key rollover is a necessity.
The package needs to support it by default.

-- 
	Viktor.