The KASP is one of the configuration files for OpenDNSSEC (more on configuration files here). It specifies a Key And Signing Policy which controls the following aspects of DNSSEC
There can one or many policies and these can be associated with different zones for fine control of DNSSEC.
The KASP enforcer (also known as just "the enforcer") is responsible for the management of keys. It has runs as a daemon and wakes periodically to check if key states need updating. It also has a command interface (ods-ksmutil) to provide information on key and zones states. It does the following tasks
The Signer Engine (also known as just "the signer") is responsible for actually performing the zone signing. It has runs as a daemon and wakes periodically to check if the zones need updating. It also has a command interface (ods-signer) to manually control zone signing. It consumes information generated by the enforcer and unsigned zones and then generates zones signed with the specified keys:
The Adaptors are responsible for obtaining the unsigned zone and distributing the signed zone. Currently supported mechanisms are (for both input and ouput):