In order to run OpenDNSSEC you will need a HSM. PKCS#11, also knows as Cryptoki (short for Cryptographic Token Interface) is an API defining a generic interface to Hardware Security Modules. OpenDNSSEC can use every HSM that provides a library that implements PKCS#11.
For convenience we provide SoftHSM, a completely software based implementation of an HSM. For use cases where security and performance of a physical HSM can't justify its costs, SoftHSM will generally be a good fit. For more information consult the SoftHSM documentation. Alternatively see our list of HSM vendors and the HSM buyers guide.