this is inaccurate and misleading since named(8) knows absolutely nothing about /var/log/messages and definitely doesn't need to write there at all.

it's syslogd(8) who whites there (and "there" is pure matter of what's defined in syslog.conf(5)). named writes to /dev/log (resp. /var/run/log, depends on OS), which is an interface to syslogd(8).

so if you want to control access to /var/log/messages, you need to set a systrace(4) policy for syslogd(8), not named(8).