Can't start Bind open: /etc/named.conf: permission denied

so I'm really new on this and was following this tutorial to set up bind, and up to 4:50 I was having no problems, I could ping, use nslookup and had internet connection with the dns server, then we had to add the zones and create the zone files (just creating them), perfect, I restart to see if there's any trouble (I use a virtual machine btw), then i could no longer ping, use nslookup and i didn't even have internet connection. This is what I got using systemctl status

Redirecting to /bin/systemctl status  -l named.service
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor prese$
   Active: failed (Result: exit-code) since jue 2019-04-25 23:14:30 -04; 3min 3$
  Process: 3355 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "y$

abr 25 23:14:30 linux bash[3355]: _default/0.168.192.in-addr.arpa/IN: bad zone
abr 25 23:14:30 linux bash[3355]: zone localhost.localdomain/IN: loaded serial 0
abr 25 23:14:30 linux bash[3355]: zone localhost/IN: loaded serial 0
abr 25 23:14:30 linux bash[3355]: zone 
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.$
abr 25 23:14:30 linux bash[3355]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial$
abr 25 23:14:30 linux bash[3355]: zone 0.in-addr.arpa/IN: loaded serial 0
abr 25 23:14:30 linux systemd[1]: named.service: control process exited, code=e$
abr 25 23:14:30 linux systemd[1]: Failed to start Berkeley Internet Name Domain$
abr 25 23:14:30 linux systemd[1]: Unit named.service entered failed state.
abr 25 23:14:30 linux systemd[1]: named.service failed.

I thought this was because of the empty zone files so I replaced with a named.conf without the zones, tried to restart with service restart named but got (again):

Failed to start BIND : Redirecting to /bin/systemctl start named.service Job 
for named.service failed because the control process exited with error code.
See "systemctl status named.service" and "journalctl -xe" for details.

So I did

● named.service - Berkeley Internet Name Domain (DNS)
 Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since jue 2019-04-25 23:25:30 -04; 1min 3s ago
  Process: 5557 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=1/FAILURE)
  Process: 5552 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)

abr 25 23:25:30 linux named[5559]: found 2 CPUs, using 2 worker threads
abr 25 23:25:30 linux named[5559]: using 2 UDP listeners per interface
abr 25 23:25:30 linux named[5559]: using up to 21000 sockets
abr 25 23:25:30 linux named[5559]: loading configuration from '/etc/named.conf'
abr 25 23:25:30 linux named[5559]: open: /etc/named.conf: permission denied
abr 25 23:25:30 linux named[5559]: loading configuration: permission denied
abr 25 23:25:30 linux systemd[1]: named.service: control process exited, code=exited status=1
abr 25 23:25:30 linux systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
abr 25 23:25:30 linux systemd[1]: Unit named.service entered failed state.
abr 25 23:25:30 linux systemd[1]: named.service failed.

It's a permission problem but it worked perfectly before so I'm at a loss.

This is what I get by doing ls -l /etc/named.conf :

-rw-r-----. 1 root root 1808 abr 25 15:13 /etc/named.conf

And this is when I do ls -Z /etc/named.conf (if it has something to do with selinux):

 -rw-r-----. 1 root root unconfined_u:object_r:etc_t:s0 /etc/named.conf

Not sure if it helps but here's the named.conf

options {
    listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory   "/var/named";
        dump-file   "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { localhost; };

    recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
    type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

I also don't have a chroot folder in /etc/named/
Is there a solution for this? Thanks.

Except, this problem also occurs with SELinux disabled. It's a vendor-specific issue, notably ISC-Bind9 and to administrators who uses other location for their named's PID file location. Details are given here: serverfault.com/a/999128/250390

And for the next administrator to come along, I would added a README file into the empty /run/named telling him why it is to remain empty and existing. But, this new tmpfiles.d will just blow it away. :-/