On RHEL7/CentOS7, SELinux is enabled by default, and the bind-formula state enables logging by default. However, the default logging location is not suitable for the default SELinux settings. RHEL7/CentOS7 standard packaging expects named to log to /var/named/data instead of /var/log/named.
type=AVC msg=audit(1535031676.458:4738): avc: denied { open } for pid=33274 comm="named" path="/var/log/named/query.log" dev="dm-3" ino=262174 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
So the default state settings on RHEL/CentOS7 are broken because the service cannot start due to not being able to write to the log file.
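Added example (not part of the original issue or of bind-formula): a small Python parser for AVC records that groups the denials for one process by source domain, target type and object class, run over the denial quoted above plus two constructed lines. The function names `parse_avc` and `denials_by_rule` are hypothetical.

```python
import re
import shlex
from collections import defaultdict

# Header of an AVC record; the key=value pairs after "for" are parsed separately.
AVC_RE = re.compile(
    r"type=AVC msg=audit\([\d.]+:\d+\): avc:\s+"
    r"(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)"
)

LOG = [
    # The denial quoted in the issue, verbatim.
    'type=AVC msg=audit(1535031676.458:4738): avc: denied { open } for pid=33274 comm="named" path="/var/log/named/query.log" dev="dm-3" ino=262174 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file',
    # Constructed lines: an unrelated denial and a non-AVC record.
    'type=AVC msg=audit(1535031700.100:4801): avc:  denied  { read } for  pid=1200 comm="httpd" name="index.html" dev="dm-0" ino=42 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file',
    'type=SYSCALL msg=audit(1535031676.458:4738): arch=c000003e syscall=2 success=no',
]

def parse_avc(line):
    """Return the fields of one AVC record as a dict, or None for other records."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    # shlex strips the quotes around comm="..." and path="..." values.
    fields = dict(tok.split("=", 1) for tok in shlex.split(m["rest"]) if "=" in tok)
    fields["result"] = m["result"]
    fields["perms"] = m["perms"].split()
    # An SELinux context is user:role:type:level; the type drives the decision.
    fields["source_type"] = fields.get("scontext", ":::").split(":")[2]
    fields["target_type"] = fields.get("tcontext", ":::").split(":")[2]
    return fields

def denials_by_rule(lines, comm):
    """Group denials for one process name by (source type, target type, class)."""
    grouped = defaultdict(lambda: {"perms": set(), "paths": set()})
    for line in lines:
        rec = parse_avc(line)
        if rec is None or rec["result"] != "denied" or rec.get("comm") != comm:
            continue
        key = (rec["source_type"], rec["target_type"], rec.get("tclass", ""))
        grouped[key]["perms"].update(rec["perms"])
        if "path" in rec:
            grouped[key]["paths"].add(rec["path"])
    return {k: {"perms": sorted(v["perms"]), "paths": sorted(v["paths"])}
            for k, v in grouped.items()}

if __name__ == "__main__":
    for rule, detail in denials_by_rule(LOG, "named").items():
        print(rule, detail)
```

For the record from the issue, the grouping shows the `named_t` domain being refused `open` on a file labelled `var_log_t`, which is the label mismatch the report describes.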