diff --git a/bind.spec b/bind.spec
index 2737d16..f642b77 100644
--- a/bind.spec
+++ b/bind.spec
@@ -32,7 +32,7 @@
 %global        chroot_prefix     %{bind_dir}/chroot
 %global        chroot_create_directories /dev /run/named %{_localstatedir}/{log,named,tmp} \\\
                                          %{_sysconfdir}/{crypto-policies/back-ends,pki/dnssec-keys,named} \\\
-                                         %{_libdir}/bind %{_libdir}/named %{_datadir}/GeoIP
+                                         %{_libdir}/bind %{_libdir}/named %{_datadir}/GeoIP /proc/sys/net/ipv4
 
 %global        selinuxbooleans   named_write_master_zones=1
 ## The order of libs is important. See lib/Makefile.in for details
@@ -53,7 +53,7 @@ Summary:  The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name:     bind
 License:  MPLv2.0
 Version:  9.16.21
-Release:  1%{?dist}
+Release:  2%{?dist}
 Epoch:    32
 Url:      https://www.isc.org/downloads/bind/
 #
@@ -1049,6 +1049,7 @@ fi;
 %dir %{chroot_prefix}/%{_libdir}
 %dir %{chroot_prefix}/%{_libdir}/bind
 %dir %{chroot_prefix}/%{_datadir}/GeoIP
+%{chroot_prefix}/proc
 %defattr(0660,root,named,01770)
 %dir %{chroot_prefix}%{_localstatedir}/named
 %defattr(0660,named,named,0770)
@@ -1121,6 +1122,9 @@ fi;
 %endif
 
 %changelog
+* Wed Oct 13 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.21-2
+- Propagate ephemeral port ranges to chroot (#2013597)
+
 * Wed Sep 15 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.21-1
 - Update to 9.16.21
 
diff --git a/named-chroot.files b/named-chroot.files
index 9a768e4..75e6aa1 100644
--- a/named-chroot.files
+++ b/named-chroot.files
@@ -20,6 +20,7 @@
 /usr/lib/named
 /usr/share/GeoIP
 /run/named
+/proc/sys/net/ipv4/ip_local_port_range
 # Warning: the order is important
 # If a directory containing $ROOTDIR is listed here,
 # it MUST be listed last. (/var/named contains /var/named/chroot)