Bug ID 1186201
Summary named (DNS) fails after provision of samba-ad-dc
Classification openSUSE
Product openSUSE Tumbleweed
Version Current
Hardware aarch64
OS openSUSE Tumbleweed
Status NEW
Severity Normal
Priority P5 - None
Component Samba
Assignee samba-maintainers@SuSE.de
Reporter conde.philippe@skynet.be
QA Contact samba-maintainers@SuSE.de
Found By ---
Blocker ---

I have a Raspberry Pi 400 with Tumbleweed and installed named therein. named is
master for the sub-zone "samdom.pce23.net". After provision of samba-ad-dc,
named fails when starting with "systemctl start named":
rasp:/var/lib/samba/bind-dns # systemctl start named
Job for named.service failed because the control process exited with error
code.
See "systemctl status named.service" and "journalctl -xe" for details.

rasp:/var/lib/samba/bind-dns # systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
     Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor
preset: disabled)
     Active: failed (Result: exit-code) since Thu 2021-05-13 22:01:24 CEST; 11s
ago
    Process: 3023 ExecStartPre=/usr/libexec/bind/named.prep (code=exited,
status=0/SUCCESS)
    Process: 3029 ExecStart=/usr/sbin/named -u named -d 9 $NAMED_ARGS
(code=exited, status=1/FAILURE)
        CPU: 315ms
May 13 22:01:24 rasp named[3030]: samba_dlz: Failed to connect to Failed to
connect to /var/lib/samba/bind-dns/dns/sam.ldb: Unable to open tdb
'/var/lib/samba/bind-dns/dns/sam.ldb': Read-only file system: Operations error
May 13 22:01:24 rasp named[3030]: samba_dlz: FAILED dlz_create call result=25
#refs=0
May 13 22:01:24 rasp named[3030]: dlz_dlopen of 'AD DNS Zone' failed
May 13 22:01:24 rasp named[3030]: SDLZ driver failed to load.
May 13 22:01:24 rasp named[3030]: DLZ driver failed to load.
May 13 22:01:24 rasp named[3030]: loading configuration: failure
May 13 22:01:24 rasp named[3030]: exiting (due to fatal error)
May 13 22:01:24 rasp systemd[1]: named.service: Control process exited,
code=exited, status=1/FAILURE
May 13 22:01:24 rasp systemd[1]: named.service: Failed with result 'exit-code'.
May 13 22:01:24 rasp systemd[1]: Failed to start Berkeley Internet Name Domain
(DNS).

I followed this document for installation 
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller

Provision of samba:
rasp:/var/lib/samba # samba-tool domain provision --use-rfc2307 --interactive
Realm [SAMDOM.PCE23.NET]:  
Domain [SAMDOM]:  
Server Role (dc, member, standalone) [dc]:  
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
 BIND9_DLZ
Administrator password: 
Retype password:
...
INFO 2021-05-13 21:55:21,336 pid:2899 /usr/.../samba/provision/__init__.py
#492: Server Role:           active directory domain controller
INFO 2021-05-13 21:55:21,336 pid:2899 /usr/.../samba/provision/__init__.py
#493: Hostname:              rasp
INFO 2021-05-13 21:55:21,336 pid:2899 /usr/.../samba/provision/__init__.py
#494: NetBIOS Domain:        SAMDOM
INFO 2021-05-13 21:55:21,336 pid:2899 /usr/.../samba/provision/__init__.py
#495: DNS Domain:            samdom.pce23.net
INFO 2021-05-13 21:55:21,337 pid:2899 /usr/.../samba/provision/__init__.py
#496: DOMAIN SID:            S-1-5-21-4198509159-1934609394-2213185027:

After provision I added in /etc/named.conf the following lines:

include "/var/lib/samba/bind-dns/named.conf";
...
options {
...
    ###SAMBA
    tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
    minimal-responses yes;    
    ### SAMBA
}
The sub zone is defined as:
zone "samdom.pce23.net" in {
        type master;
        file "dyn/samdom.pce23.net";
        also-notify { 192.168.1.120; };
        notify yes;
        allow-transfer  { 192.168.1.120; };
        allow-query  { 192.168.1.0/24; 192.168.2.0/24; 192.168.3.0/24;
192.168.4.0/24; };
};


I changed the authorization of /var/lib/samba/bind-dns/dns and the files
therein:
chown root:named *  ==> still error
chown named:named  * ==> still error
chmod 777 for directories and chmod 666 for files ==> still error

I did a trace via
strace -o /tmp/named3.log -f /usr/sbin/named -u named -d 9 &
and the error in journalctl is:
May 18 11:21:57 rasp named[6206]: samba_dlz: GENSEC backend 'gssapi_krb5'
registered
May 18 11:21:57 rasp named[6206]: samba_dlz: GENSEC backend 'gssapi_krb5_sasl'
registered
May 18 11:21:57 rasp named[6206]: samba_dlz: GENSEC backend 'spnego' registered
May 18 11:21:57 rasp named[6206]: samba_dlz: GENSEC backend 'schannel'
registered
May 18 11:21:57 rasp named[6206]: samba_dlz: GENSEC backend 'naclrpc_as_system'
registered
May 18 11:21:57 rasp named[6206]: samba_dlz: GENSEC backend 'sasl-EXTERNAL'
registered
May 18 11:21:57 rasp named[6206]: samba_dlz: GENSEC backend 'ntlmssp'
registered
May 18 11:21:57 rasp named[6206]: samba_dlz: GENSEC backend
'ntlmssp_resume_ccache' registered
May 18 11:21:57 rasp named[6206]: samba_dlz: GENSEC backend 'http_basic'
registered
May 18 11:21:57 rasp named[6206]: samba_dlz: GENSEC backend 'http_ntlm'
registered
May 18 11:21:57 rasp named[6206]: samba_dlz: GENSEC backend 'http_negotiate'
registered
May 18 11:21:57 rasp named[6206]: samba_dlz: GENSEC backend 'krb5' registered
May 18 11:21:57 rasp named[6206]: samba_dlz: GENSEC backend 'fake_gssapi_krb5'
registered
May 18 11:21:58 rasp named[6206]: samba_dlz: ldb: No encrypted secrets key
file. Secret attributes will not be encrypted or decrypted
May 18 11:21:58 rasp named[6206]: samba_dlz:
May 18 11:21:58 rasp named[6206]: samba_dlz: schema_fsmo_init: we are
master[yes] updates allowed[no]
May 18 11:21:58 rasp named[6206]: samba_dlz: started for DN
DC=samdom,DC=pce23,DC=net
May 18 11:21:58 rasp named[6206]: samba_dlz: starting configure
May 18 11:21:58 rasp named[6206]: samba_dlz: Failed to configure zone
'samdom.pce23.net'
May 18 11:21:58 rasp named[6206]: loading configuration: already exists
May 18 11:21:58 rasp named[6206]: exiting (due to fatal error)

But the zone file doesn't exist in /var/lib/named/dyn.

If needed I can attach the trace log file, but I find nothing more detailed
about the error therein.

Regards
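
A triage check for the second failure in this report, added here as an example and not part of the reporter's message or of Samba/BIND: it cross-references zones declared statically in named.conf with zones that samba_dlz failed to configure. It assumes that "already exists" means the DLZ zone collides with a static zone declaration (an interpretation added here); the sample inputs are constructed from the fragments quoted above.

```python
import re

# Constructed samples, abridged from the named.conf fragment and journal lines in the report.
NAMED_CONF = '''
include "/var/lib/samba/bind-dns/named.conf";
options {
    tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
    minimal-responses yes;
};
zone "samdom.pce23.net" in {
        type master;
        file "dyn/samdom.pce23.net";
};
'''
JOURNAL = '''
May 18 11:21:58 rasp named[6206]: samba_dlz: starting configure
May 18 11:21:58 rasp named[6206]: samba_dlz: Failed to configure zone
'samdom.pce23.net'
May 18 11:21:58 rasp named[6206]: loading configuration: already exists
'''

def strip_comments(conf):
    """Drop /* */, # and // comments (simplification: ignores quoting)."""
    conf = re.sub(r'/\*.*?\*/', '', conf, flags=re.S)
    return re.sub(r'(#|//)[^\n]*', '', conf)

def static_zones(conf):
    """Zone names declared with a zone statement in the given config text."""
    pattern = r'\bzone\s+"([^"]+)"(?:\s+\w+)?\s*\{'
    names = re.findall(pattern, strip_comments(conf))
    return {n.lower().rstrip('.') or '.' for n in names}

def dlz_failed_zones(journal):
    """Zone names from 'samba_dlz: Failed to configure zone' journal entries."""
    # Rejoin entries wrapped by the mail client: a continuation line is one
    # that does not start with a syslog timestamp.
    joined = re.sub(r'\n(?![A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d )', ' ', journal)
    names = re.findall(r"samba_dlz: Failed to configure zone\s+'([^']+)'", joined)
    return {n.lower().rstrip('.') or '.' for n in names}

def conflicting_zones(conf, journal):
    """Zones both declared statically and rejected by samba_dlz."""
    return sorted(static_zones(conf) & dlz_failed_zones(journal))

if __name__ == "__main__":
    for zone in conflicting_zones(NAMED_CONF, JOURNAL):
        print(f"{zone}: declared in named.conf and also served by samba_dlz")
```

On a live system the config text would need to include the contents of any files pulled in with `include`, since this sketch does not follow them.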

