diff --git a/linux/CHANGELOG b/linux/CHANGELOG
index c8e035e..8a81937 100644
--- a/linux/CHANGELOG
+++ b/linux/CHANGELOG
@@ -12,6 +12,7 @@ and this project **does not adhere to [Semantic Versioning](http://semver.org/sp
 ### Removed
 
 ### Fixed
+* IS_BINDCHROOT: fix /etc/default path for Debian >= 11 (renamed from bind9 to named)
 
 ### Security
 
diff --git a/linux/evocheck.sh b/linux/evocheck.sh
index 5b73eeb..3f5a8da 100755
--- a/linux/evocheck.sh
+++ b/linux/evocheck.sh
@@ -440,7 +440,11 @@ check_log2mailsquid() {
 check_bindchroot() {
     if is_installed bind9; then
         if netstat -utpln | grep "/named" | grep :53 | grep -qvE "(127.0.0.1|::1)"; then
-            if grep -q '^OPTIONS=".*-t' /etc/default/bind9 && grep -q '^OPTIONS=".*-u' /etc/default/bind9; then
+            default_conf=/etc/default/named
+            if is_debian_buster || is_debian_stretch; then
+                default_conf=/etc/default/bind9
+            fi
+            if grep -q '^OPTIONS=".*-t' "${default_conf}" && grep -q '^OPTIONS=".*-u' "${default_conf}"; then
                 md5_original=$(md5sum /usr/sbin/named | cut -f 1 -d ' ')
                 md5_chrooted=$(md5sum /var/chroot-bind/usr/sbin/named | cut -f 1 -d ' ')
                 if [ "$md5_original" != "$md5_chrooted" ]; then