diff --git a/container/Dockerfile b/container/Dockerfile
index 4a0ef75..bf2b2b1 100644
--- a/container/Dockerfile
+++ b/container/Dockerfile
@@ -17,7 +17,7 @@ env BIND_LOG -g
 # NOTE: Per Dockerfile manual --> need to mkdir the mounted dir to chown
 # &
 # Get latest bind.keys
-RUN mkdir -m 0770 -p /etc/bind && chown -R root:named /etc/bind ; \
+RUN mkdir -m 0750 -p /etc/bind && chown -R root:named /etc/bind ; \
 mkdir -m 0770 -p /var/cache/bind && chown -R named:named /var/cache/bind ; \
 wget -q -O /etc/bind/bind.keys https://ftp.isc.org/isc/bind9/keys/9.11/bind.keys.v9_11 ; \
 rndc-confgen -a
diff --git a/container/configs/default-zones/db.root b/container/configs/default-zones/db.root
index 3d6b3ba..6221e91 100644
--- a/container/configs/default-zones/db.root
+++ b/container/configs/default-zones/db.root
@@ -9,8 +9,8 @@
 ; on server FTP.INTERNIC.NET
 ; -OR- RS.INTERNIC.NET
 ;
-; last update: January 30, 2018
-; related version of root zone: 2018013001
+; last update: April 29, 2020
+; related version of root zone: 2020042901
 ;
 ; FORMERLY NS.INTERNIC.NET
 ;
diff --git a/container/entrypoint.sh b/container/entrypoint.sh
index 922db1d..04796a3 100755
--- a/container/entrypoint.sh
+++ b/container/entrypoint.sh
@@ -1,8 +1,11 @@
 #!/bin/sh
 OPTIONS=$@
+# "Run Time" changes - needed for when creating a *new* directory/first-time volume map
+# A great example of this is "/var/cache/bind" for dynamic configs, and mapping it in
+# The first time around, it will not be owned by named:named, and thus it won't be writable
 chown -R root:named /etc/bind /var/run/named
 chown -R named:named /var/cache/bind
-chmod -R 770 /var/cache/bind /var/run/named
+chmod 770 /var/cache/bind /var/run/named
 chmod -R 750 /etc/bind
 # By default - run in foreground and log to STDERR (console)
 # can be changed by running container with: -e "BIND_LOG=-f"
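Review bot: In container/Dockerfile, `mkdir -m 0750 -p /etc/bind` sets the mode only when it actually creates the directory. If /etc/bind already exists at this point in the build (for example from a package install, which is outside the hunk), it keeps its old mode, and the tightening then depends on the run-time `chmod -R 750 /etc/bind` in entrypoint.sh. An explicit chmod makes the image state deterministic: `RUN mkdir -p /etc/bind && chmod 0750 /etc/bind && chown -R root:named /etc/bind ; \`. The steps of this RUN are also joined with `;`, so a failed `wget` of bind.keys does not fail the build; chaining with `&&` would surface that instead of shipping an image with an empty or missing key file.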
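Review bot: In container/entrypoint.sh, the line after the changed chmod, `chmod -R 750 /etc/bind`, still applies a directory mode recursively, so every config and key file under /etc/bind gets execute bits. If /etc/bind is a mapped volume, those modes presumably land on the host's files as well. A symbolic mode keeps search permission on directories only: `chmod -R u=rwX,g=rX,o= /etc/bind`. With `-R` dropped from the 770 line, files already present in a reused /var/cache/bind or /var/run/named volume keep whatever mode they had and only their ownership is normalized. If that is intended, a short comment such as `# top-level only: existing files keep their modes` would record it. The script continues past the end of this hunk.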