Skip to end of metadata
Go to start of metadata



The OpenDNSSEC documentation gives information on how to install, configure, and run OpenDNSSEC. There might still remain some questions, so we try to reflect them in our a growing list of frequently asked questions.

Remember that you also need an HSM, which uses the PKCS#11 interface. We do provide the SoftHSM, a software-only implementation of an HSM. Read the HSM Buyer’s Guide for more information and consult the list of HSM vendors.

The latest version of OpenDNSSEC is 1.4

See what is new in 1.4 - note that due to changes in the database schema a migration is required when upgrading to 1.4 from earlier versions of OpenDNSSEC.


The goal of OpenDNSSEC is to have a complete DNSSEC zone signing system which maintains stability and security of signed domains. DNSSEC adds many cryptographic concerns to DNS; OpenDNSSEC automates those to allow current DNS administrators to adopt DNSSEC. This document provides DNS administrators with the necessary information to get the system up and running with a basic configuration.




A PDF version is available on our Downloads page, along with instructions on how to export selected pages.

  • No labels