The OpenDNSSEC documentation gives information on how to install, configure, and run OpenDNSSEC. There might still remain some questions, so we try to reflect them in our a growing list of frequently asked questions.

Remember that you also need an HSM, which uses the PKCS#11 interface. We do provide the SoftHSM, a software-only implementation of an HSM. Read the HSM Buyer’s Guide for more information and consult the list of HSM vendors.

The goal of OpenDNSSEC is to have a complete DNSSEC zone signing system which maintains stability and security of signed domains. DNSSEC adds many cryptographic concerns to DNS; OpenDNSSEC automates those to allow current DNS administrators to adopt DNSSEC. This document provides DNS administrators with the necessary information to get the system up and running with a basic configuration.

Getting Started

Overview of OpenDNSSEC


Configuration files

Running OpenDNSSEC

Command Utilities


Reporting bugs

Getting Support



A PDF version is available on our Downloads page, along with instructions on how to export selected pages.