OpenDNSSEC takes in unsigned zones, adds the signatures and other records for DNSSEC and passes the zones on to the authoritative name servers for that zones.

It does this according to a Key and Signing Policy (KASP) that describes how an organisation wants their DNSSEC configured.

On this Page

What does OpenDNSSEC do automatically?

Once installed, configured and running OpenDNSSEC will do the following:

What can be done manually?

See the Running OpenDNSSEC guide for more details

What must be done manually?

Uploading the Trust Anchor to the parent and notifying OpenDNSSEC that this has been done is a manual operation.

What are the key components of OpenDNSSEC?