BIND

This document provides information about configuring the HSM with BIND by using PKCS #11 libraries. For additional questions related to your HSM, see the relevant user guide.

About BIND

BIND is a software suite for interacting with the Domain Name System (DNS). Its most prominent component, named (short for name daemon), performs both of the primary DNS server roles, acting as an authoritative name server for DNS zones and as a recursive resolver in the network. As of 2015, it is the most widely used domain name server software and is the de facto standard on Unix-like operating systems. Also contained in the suite are various administration tools such as nsupdate and dig, and a DNS resolver interface library.

PKCS #11 in BIND

The PKCS #11 support in BIND comes in two flavors:

  • The native PKCS #11 support interfaces directly with the HSM-provided library via the PKCS #11 API. This allows BIND to interact directly with the PKCS #11 provider for the public key cryptography (DNSSEC).
  • The OpenSSL-based PKCS #11 interfaces with the PKCS #11 provider indirectly via the pkcs11 engine provided by the OpenSC project.

This integration guide describes the second method as it is more universal and doesn't require BIND to be recompiled.
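
How the indirect path fits together, shown as an added illustration that is not part of the original guide: an OpenSSL configuration fragment that loads the pkcs11 engine and points it at the HSM's PKCS #11 library. Both file paths are placeholders to be replaced with the locations on your system, and the section names are arbitrary labels.

```ini
# openssl.cnf fragment (added example; both paths are placeholders)
openssl_conf = openssl_init

[openssl_init]
engines = engine_section

[engine_section]
# Register one engine; the value names the section that configures it.
pkcs11 = pkcs11_section

[pkcs11_section]
engine_id = pkcs11
# Shared object of the pkcs11 engine from the OpenSC project.
dynamic_path = /path/to/engines/pkcs11.so
# PKCS #11 library supplied by the HSM vendor. BIND never loads this
# directly in this mode; OpenSSL reaches it through the engine.
MODULE_PATH = /path/to/hsm/pkcs11-library.so
# Defer engine initialisation until it is first used.
init = 0
# No PIN is set here: a PIN stored in this file makes the file an HSM
# credential, so it would have to be readable only by the account
# that runs named and the DNSSEC tools.
```

Because the HSM library is selected entirely in OpenSSL's configuration, switching PKCS #11 providers is a change to MODULE_PATH rather than a rebuild of BIND.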

Guardian integration





Updated 28 Aug 2024