diff --git a/plinth/modules/bind/data/lib/systemd/system/bind9.service.d/freedombox.conf b/plinth/modules/bind/data/lib/systemd/system/bind9.service.d/freedombox.conf
new file mode 100644
index 000000000..09e2117cd
--- /dev/null
+++ b/plinth/modules/bind/data/lib/systemd/system/bind9.service.d/freedombox.conf
@@ -0,0 +1,15 @@
+[Service]
+LockPersonality=yes
+NoNewPrivileges=yes
+PrivateDevices=yes
+PrivateMounts=yes
+PrivateTmp=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectSystem=full
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
+RestrictRealtime=yes
+SystemCallArchitectures=native