diff --git a/manifests/config.pp b/manifests/config.pp
index 217cefd9..fda55e75 100644
--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -1,7 +1,9 @@
 # Configure dns
 # @api private
 class dns::config {
- group { $dns::params::group: }
+ if $dns::group_manage {
+ group { $dns::params::group: }
+ }
 concat { $dns::publicviewpath:
 owner => root,
diff --git a/manifests/init.pp b/manifests/init.pp
index d8e157f9..4b01b2d1 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -14,6 +14,10 @@
 # Path of the config file holding all the zones
 # @param vardir
 # Directory holding the variable or working files
+# @param group_manage
+# Should this module manage the Unix system group under which BIND runs (see
+# dns::params)? Defaults to true. Set to false if you want to manage the
+# system group yourself.
 # @param namedservicename
 # Name of the service
 # @param zonefilepath
@@ -85,6 +89,7 @@
 Stdlib::Absolutepath $optionspath = $dns::params::optionspath,
 Stdlib::Absolutepath $publicviewpath = $dns::params::publicviewpath,
 Stdlib::Absolutepath $vardir = $dns::params::vardir,
+ Boolean $group_manage = $dns::params::group_manage,
 String $namedservicename = $dns::params::namedservicename,
 Stdlib::Absolutepath $zonefilepath = $dns::params::zonefilepath,
 Variant[Enum['unmanaged'], Stdlib::Absolutepath] $localzonepath = $dns::params::localzonepath,
diff --git a/manifests/params.pp b/manifests/params.pp
index d06b0f37..a18f370e 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -67,6 +67,9 @@
 }
 }
+ # This module will manage the system group by default
+ $group_manage = true
+
 $namedconf_template = 'dns/named.conf.erb'
 $optionsconf_template = 'dns/options.conf.erb'
diff --git a/spec/classes/dns_init_spec.rb b/spec/classes/dns_init_spec.rb
index 0901093f..86dbf26e 100644
--- a/spec/classes/dns_init_spec.rb
+++ b/spec/classes/dns_init_spec.rb
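Review bot: In manifests/config.pp the new `if $dns::group_manage` guard removes only the `group` resource, and nothing in the hunk states that the group named by `$dns::params::group` must then already exist. The rest of dns::config lies outside the hunk (the `concat` body is cut after `owner => root,`), but if those resources still assign that group, a node with `group_manage => false` and no such group would presumably fail when ownership is applied. I would add a comment above the guard, `# With group_manage false the group $dns::params::group must be provided outside this module before these files are managed.`, and repeat that prerequisite in the `@param group_manage` text in manifests/init.pp.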
@@ -20,6 +20,7 @@
 it { should contain_class('dns::service') }
 it { should contain_package('bind').with_ensure('present') }
+ it { should contain_group('named') }
 it { should contain_concat('/etc/named/options.conf') }
 it { verify_concat_fragment_contents(catalogue, 'options.conf+10-main.dns', [
@@ -181,6 +182,11 @@
 it { should contain_service('named').with_ensure('running').with_enable(false) }
 end
+ describe 'with group_manage false' do
+ let(:params) { {:group_manage => false} }
+ it { should_not contain_group('named') }
+ end
+
 describe 'with acls set' do
 let(:params) { {:acls => { 'trusted_nets' => [ '127.0.0.1/24', '127.0.1.0/24' ] } } }
 it { verify_concat_fragment_exact_contents(catalogue, 'named.conf+10-main.dns', [
@@ -262,6 +268,7 @@
 it { should contain_class('dns::service') }
 it { should contain_package('bind910').with_ensure('present') }
+ it { should contain_group('bind') }
 it { should contain_concat('/usr/local/etc/namedb/options.conf') }
 it { verify_concat_fragment_contents(catalogue, 'options.conf+10-main.dns', [
@@ -304,5 +311,10 @@
 let(:params) { {:service_enable => false} }
 it { should contain_service('named').with_ensure('running').with_enable(false) }
 end
+
+ describe 'with group_manage false' do
+ let(:params) { {:group_manage => false} }
+ it { should_not contain_group('bind') }
+ end
 end
 end
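Review bot: The two `describe 'with group_manage false'` examples (the hunks at -181 and -304) assert only that the group resource is absent, so they would not notice a resource elsewhere in the module that still refers to `Group['named']` or `Group['bind']` in a relationship. Adding `it { should compile.with_all_deps }` to each block would make the spec fail on such a dangling reference. Whether any such reference exists cannot be seen from these hunks, and the describe blocks they sit in start outside them.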