OpenDNSSEC was created as an open-source turn-key solution for DNSSEC. It secures zone data just before it is published in an authoritative name server.
The OpenDNSSEC Project is overseen by the OpenDNSSEC Architecture Board (known as the OAB) and is developed with the co-operation of several particpants.
There are 3 major deliverables from the OpenDNSSEC project:
- OpenDNSSEC software package: The OpenDNSSEC implementation, expected to run on top of a PKCS #11 implementation, like an HSM.
- SoftHSM : A software-only implementation of an HSM, made available through the industry standard PKCS #11 interface. This software is compatible with the DNSSEC Signer.
- HSM market selection: A comparison between a number of HSM devices. This is intended to give a rough idea about the kinds of devices available on the market, in terms of speed, price, configuration.