diff --git a/daemon/unbound.c b/daemon/unbound.c
index d64751ab5..377396fc4 100644
--- a/daemon/unbound.c
+++ b/daemon/unbound.c
@@ -539,6 +539,9 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
 		if(chroot(cfg->chrootdir))
 			fatal_exit("unable to chroot to %s: %s", 
 				cfg->chrootdir, strerror(errno));
+		if(chdir("/"))
+			fatal_exit("unable to chdir to / in chroot %s: %s",
+				cfg->chrootdir, strerror(errno));
 		verbose(VERB_QUERY, "chroot to %s", cfg->chrootdir);
 		if(strncmp(*cfgfile, cfg->chrootdir, 
 			strlen(cfg->chrootdir)) == 0) 
diff --git a/doc/Changelog b/doc/Changelog
index 629749839..68b57f07b 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,6 @@
+21 September 2012: Wouter
+	- chdir to / after chroot call (suggested by Camiel Dobbelaar).
+
 17 September 2012: Wouter
 	- patch_rsamd5_enable.diff: this patch enables RSAMD5 validation
 	  otherwise it is treated as insecure.  The RSAMD5 algorithm is