OpenDNSSEC

{{Infobox software

| name = OpenDNSSEC

| title = OpenDNSSEC

| logo =

| screenshot =

| caption =

| collapsible =

| author =

| developer =

| released = {{Start date and age|2009|07|30}}{{cite web |url=https://github.com/opendnssec/opendnssec/blob/1.0.0/NEWS |title=NEWS |date=9 February 2010 |version=1.0.0 |work=OpenDNSSEC |access-date=18 June 2022 |via=GitHub}}

| discontinued =

| latest release version = 2.1.13

| latest release date = {{Start date and age|2023|6|26}}{{cite web|url=https://www.opendnssec.org/2023/06/opendnssec-2-1-13/ |title=OpenDNSSEC 2.1.13}}

| latest preview version =

| latest preview date =

| frequently updated =

| programming language = C, C++

| operating system = Linux, FreeBSD, NetBSD, Mac OS X, Solaris

| platform =

| size =

| language =

| status =

| genre = DNSSEC

| license = BSD

| website = [https://www.opendnssec.org/ www.opendnssec.org]

}}

{{Infobox software

| name = SoftHSM

| title = SoftHSM

| logo =

| screenshot =

| caption =

| collapsible =

| author =

| developer =

| released =

| discontinued =

| latest release version = 2.6.1

| latest release date = {{Start date and age|2020|4|29}}{{cite web|url=https://www.opendnssec.org/2020/04/1602/|title=SoftHSM 2.6.1}}

| frequently updated =

| programming language = C++

| operating system = Linux, FreeBSD, NetBSD, Mac OS X

| platform =

| size =

| language =

| status =

| genre =

| license = BSD

| website = {{URL|https://www.opendnssec.org/}}

| repo = {{URL|https://github.com/opendnssec/SoftHSMv2}}

}}

OpenDNSSEC is a computer program that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.

OpenDNSSEC was created as an open-source turn-key solution for DNSSEC. It secures DNS zone data just before it is published in an authoritative name server. OpenDNSSEC takes in unsigned zones, adds digital signatures and other records for DNSSEC and passes it on to the authoritative name servers for that zone. All keys are stored in a hardware security module and accessed via PKCS #11, a standard software interface for communicating with devices which hold cryptographic information and perform cryptographic functions. OpenDNSSEC can be paired with SoftHSM which provides a Software emulation of a hardware security module.{{cite web |title=OpenDNSSEC » SoftHSM |url=https://www.opendnssec.org/softhsm/ |website=OpenDNSSEC.org |access-date=29 January 2024}}

OpenDNSSEC runs two dedicated daemons these are ods-enforcerd which acts as a enforcer Engine Daemon with the role of enforcing the KASP (Key and Signing Policy), and the ods-signerd which carries out actual signing of the zone. A DNS zone will failed to be signed if either process fail.

The ods-enforcer client program may be used to interact with the enforcer Engine and can be used to initiate such actions as a key rollover manually.

OpenDNSSEC uses the Botan cryptographic library, and SQLite or MySQL as database back-end. It is used on the .fr,{{cite web |last1=Levigneron |first1=Vincent |title=DNSSEC: change of algorithm for the .fr zone |url=https://www.afnic.fr/en/observatory-and-resources/expert-papers/dnssec-change-of-algorithm-for-the-fr-zone/ |website=Afnic |access-date=30 January 2024}}.se, .dk, .nl,{{cite web |last1=Ubbink |first1=Stefan |title=New DNSSEC algorithm for .nl |url=https://www.sidn.nl/en/news-and-blogs/new-dnssec-algorithm-for-nl |website=www.sidn.nl |access-date=10 February 2024}} .nz{{cite web |title=DNSSEC chain validation issue: technical incident report |url=https://internetnz.nz/news-and-articles/dnssec-chain-validation-issue-technical-incident-report/ |website=InternetNZ |access-date=24 April 2024}} and .uk top-level domains.{{cite web|title=OpenDNSSEC|url=https://www.iis.se/english/domains/tech/opendnssec/|accessdate=17 September 2014}}