diff --git a/bind.spec b/bind.spec
index a35699e..e8b5e29 100644
--- a/bind.spec
+++ b/bind.spec
@@ -37,6 +37,10 @@
 %if %{with SDB}
 %global        chroot_sdb_prefix %{bind_dir}/chroot_sdb
 %endif
+%global        chroot_create_directories /dev /run/named %{_localstatedir}/{log,named,tmp} \\\
+                                         %{_sysconfdir}/{crypto-policies/back-ends,pki/dnssec-keys,named} \\\
+                                         %{_libdir}/bind
+
 %global        selinuxbooleans   named_write_master_zones=1
 ## The order of libs is important. See lib/Makefile.in for details
 %define bind_export_libs isc dns isccfg irs
@@ -859,44 +863,42 @@ else
 
 %install
 # Build directory hierarchy
-mkdir -p ${RPM_BUILD_ROOT}/etc/logrotate.d
+mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/logrotate.d
 mkdir -p ${RPM_BUILD_ROOT}%{_libdir}/bind
-mkdir -p ${RPM_BUILD_ROOT}/var/named/{slaves,data,dynamic}
+mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/named/{slaves,data,dynamic}
 mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/{man1,man5,man8}
 mkdir -p ${RPM_BUILD_ROOT}/run/named
-mkdir -p ${RPM_BUILD_ROOT}/var/log
+mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/log
 
 #chroot
-mkdir -p ${RPM_BUILD_ROOT}/%{chroot_prefix}/{dev,etc,var,run/named}
-mkdir -p ${RPM_BUILD_ROOT}/%{chroot_prefix}/var/{log,named,tmp}
-mkdir -p ${RPM_BUILD_ROOT}/%{chroot_prefix}/etc/crypto-policies/back-ends
+for D in %{chroot_create_directories}
+do
+  mkdir -p ${RPM_BUILD_ROOT}/%{chroot_prefix}${D}
+done
 
 # create symlink as it is on real filesystem
 pushd ${RPM_BUILD_ROOT}/%{chroot_prefix}/var
 ln -s ../run run
 popd
 
-mkdir -p ${RPM_BUILD_ROOT}/%{chroot_prefix}/etc/{pki/dnssec-keys,named}
-mkdir -p ${RPM_BUILD_ROOT}/%{chroot_prefix}/%{_libdir}/bind
 # these are required to prevent them being erased during upgrade of previous
-touch ${RPM_BUILD_ROOT}/%{chroot_prefix}/etc/named.conf
+touch ${RPM_BUILD_ROOT}/%{chroot_prefix}%{_sysconfdir}/named.conf
 #end chroot
 
 #sdb-chroot
 %if %{with SDB}
-mkdir -p ${RPM_BUILD_ROOT}/%{chroot_sdb_prefix}/{dev,etc,var,run/named}
-mkdir -p ${RPM_BUILD_ROOT}/%{chroot_sdb_prefix}/var/{log,named,tmp}
-mkdir -p ${RPM_BUILD_ROOT}/%{chroot_sdb_prefix}/etc/crypto-policies/back-ends
+for D in %{chroot_create_directories}
+do
+  mkdir -p ${RPM_BUILD_ROOT}/%{chroot_sdb_prefix}${D}
+done
 
 # create symlink as it is on real filesystem
-pushd ${RPM_BUILD_ROOT}/%{chroot_sdb_prefix}/var
+pushd ${RPM_BUILD_ROOT}/%{chroot_sdb_prefix}%{_localstatedir}
 ln -s ../run run
 popd
 
-mkdir -p ${RPM_BUILD_ROOT}/%{chroot_sdb_prefix}/etc/{pki/dnssec-keys,named}
-mkdir -p ${RPM_BUILD_ROOT}/%{chroot_sdb_prefix}/%{_libdir}/bind
 # these are required to prevent them being erased during upgrade of previous
-touch ${RPM_BUILD_ROOT}/%{chroot_sdb_prefix}/etc/named.conf
+touch ${RPM_BUILD_ROOT}/%{chroot_sdb_prefix}%{_sysconfdir}/named.conf
 %endif
 #end sdb-chroot
 
@@ -1382,27 +1384,27 @@ fi;
 %defattr(0640,root,named,0750)
 %dir %{chroot_prefix}
 %dir %{chroot_prefix}/dev
-%dir %{chroot_prefix}/etc
-%dir %{chroot_prefix}/etc/named
-%dir %{chroot_prefix}/etc/pki
-%dir %{chroot_prefix}/etc/pki/dnssec-keys
-%dir %{chroot_prefix}/etc/crypto-policies
-%dir %{chroot_prefix}/etc/crypto-policies/back-ends
-%dir %{chroot_prefix}/var
+%dir %{chroot_prefix}%{_sysconfdir}
+%dir %{chroot_prefix}%{_sysconfdir}/named
+%dir %{chroot_prefix}%{_sysconfdir}/pki
+%dir %{chroot_prefix}%{_sysconfdir}/pki/dnssec-keys
+%dir %{chroot_prefix}%{_sysconfdir}/crypto-policies
+%dir %{chroot_prefix}%{_sysconfdir}/crypto-policies/back-ends
+%dir %{chroot_prefix}%{_localstatedir}
 %dir %{chroot_prefix}/run
-%ghost %config(noreplace) %{chroot_prefix}/etc/named.conf
+%ghost %config(noreplace) %{chroot_prefix}%{_sysconfdir}/named.conf
 %defattr(-,root,root,-)
 %dir %{chroot_prefix}/usr
 %dir %{chroot_prefix}/%{_libdir}
 %dir %{chroot_prefix}/%{_libdir}/bind
 %defattr(0660,root,named,01770)
-%dir %{chroot_prefix}/var/named
+%dir %{chroot_prefix}%{_localstatedir}/named
 %defattr(0660,named,named,0770)
-%dir %{chroot_prefix}/var/tmp
-%dir %{chroot_prefix}/var/log
+%dir %{chroot_prefix}%{_localstatedir}/tmp
+%dir %{chroot_prefix}%{_localstatedir}/log
 %defattr(-,named,named,-)
 %dir %{chroot_prefix}/run/named
-%{chroot_prefix}/var/run
+%{chroot_prefix}%{_localstatedir}/run
 
 %if %{with SDB}
 %files sdb-chroot
@@ -1418,27 +1420,27 @@ fi;
 %defattr(0640,root,named,0750)
 %dir %{chroot_sdb_prefix}
 %dir %{chroot_sdb_prefix}/dev
-%dir %{chroot_sdb_prefix}/etc
-%dir %{chroot_sdb_prefix}/etc/named
-%dir %{chroot_sdb_prefix}/etc/pki
-%dir %{chroot_sdb_prefix}/etc/pki/dnssec-keys
-%dir %{chroot_sdb_prefix}/etc/crypto-policies
-%dir %{chroot_sdb_prefix}/etc/crypto-policies/back-ends
-%dir %{chroot_sdb_prefix}/var
+%dir %{chroot_sdb_prefix}%{_sysconfdir}
+%dir %{chroot_sdb_prefix}%{_sysconfdir}/named
+%dir %{chroot_sdb_prefix}%{_sysconfdir}/pki
+%dir %{chroot_sdb_prefix}%{_sysconfdir}/pki/dnssec-keys
+%dir %{chroot_sdb_prefix}%{_sysconfdir}/crypto-policies
+%dir %{chroot_sdb_prefix}%{_sysconfdir}/crypto-policies/back-ends
+%dir %{chroot_sdb_prefix}%{_localstatedir}
 %dir %{chroot_sdb_prefix}/run
-%ghost %config(noreplace) %{chroot_sdb_prefix}/etc/named.conf
+%ghost %config(noreplace) %{chroot_sdb_prefix}%{_sysconfdir}/named.conf
 %defattr(0660,root,named,01770)
-%dir %{chroot_sdb_prefix}/var/named
+%dir %{chroot_sdb_prefix}%{_localstatedir}/named
 %defattr(-,root,root,-)
 %dir %{chroot_sdb_prefix}/usr
 %dir %{chroot_sdb_prefix}/%{_libdir}
 %dir %{chroot_sdb_prefix}/%{_libdir}/bind
 %defattr(0660,named,named,0770)
-%dir %{chroot_sdb_prefix}/var/tmp
-%dir %{chroot_sdb_prefix}/var/log
+%dir %{chroot_sdb_prefix}%{_localstatedir}/tmp
+%dir %{chroot_sdb_prefix}%{_localstatedir}/log
 %defattr(-,named,named,-)
 %dir %{chroot_sdb_prefix}/run/named
-%{chroot_sdb_prefix}/var/run
+%{chroot_sdb_prefix}%{_localstatedir}/run
 %endif
 
 %if %{with PKCS11}