Before you start to use OpenDNSSEC in your production environment you must first decide which hardware you going to run on.

When you have a good system to run on, then it is time to install the software that OpenDNSSEC depends on, and finally installing OpenDNSSEC.

On this Page

Hardware set-up

Here are some short recommendations if you are planning to use OpenDNSSEC with many zones or a single large zone, and where the speed of signing is important.

Platform support

OpenDNSSEC has been tested on the following platforms:

Dependencies

OpenDNSSEC depends on a number of open-source packages, all of which must be installed on your system for OpenDNSSEC to build successfully.

The installation of depencencies guide shows which packages are required and how to download/install them.

You also need a Hardware Security Module.

Choose from any vendor that uses the PKCS#11 interface. Or the software-only implementation of an HSM called SoftHSM created by the OpenDNSSEC project. Follow these instructions on how to install SoftHSM.

Pre-built Binaries

You can find information about packages for your operating system here: http://www.opendnssec.org/download/packages/

Obtaining the Source Code

The latest version of OpenDNSSEC can be found as a tarball on  http://www.opendnssec.org

The development (unstable) version of OpenDNSSEC is available from the GitHub repository and can be obtained using the following command:

git clone https://github.com/opendnssec/OpenDNSSEC.git

Building & Installing

  1. If you downloaded the tarball then first untar it:

    tar -xzf opendnssec-<VERSION>.tar.gz
    cd OpenDNSSEC

    or if you are working from the repository:

    cd OpenDNSSEC
    sh autogen.sh
  2. Then it is time to configure the build scripts:

     ./configure
    

    You may also need some other options to configure.

      --disable-auditor       Disable auditor build (default enabled)
      --enable-eppclient      Enable eppclient build (default disabled) (experimental)
      --enable-timeshift      For debugging purposes
      --with-database-backend Select database backend (sqlite3|mysql) (default sqlite)
    

    Use the following command to find out which other options that are available:

     ./configure --help
    

    The configure script defaults to --prefix=/usr/local, --sysconfdir=/etc, and --localstatedir=/var

  3. Once configured, build OpenDNSSEC using:

     make
    

    ... and install using ...

     sudo make install
    

    If the build fails it might be because of a missing software dependency. Please read the error messages carefully.

Post-installation

Depending on operating system, there may be a few additional steps required after installation.

Linux Users Linux users need to rebuild the dynamic linker caches. To do this, issue the command:

sudo ldconfig [library-path [library-path ...]]

If OpenDNSSEC or any of the pre-requisites were installed in non-standard directories, the list of library paths should be specified as arguments on the command line.