BIND
This document provides information about configuring the HSM with BIND by using PKCS #11 libraries. For additional questions related to your HSM, see the relevant user guide.
BIND is a software suite for interacting with the Domain Name System (DNS). Its most prominent component, named (short for name daemon), performs both of the primary DNS server roles, acting as an authoritative name server for DNS zones and as a recursive resolver in the network. As of 2015, it is the most widely used domain name server software and is the de facto standard on Unix-like operating systems. Also contained in the suite are various administration tools such as nsupdate and dig, and a DNS resolver interface library.
The PKCS #11 support in BIND comes in two flavors:
- Native PKCS #11, which interfaces directly with the HSM-provided library via the PKCS #11 API. This allows BIND to interact directly with the PKCS #11 provider for public key cryptography (DNSSEC).
- OpenSSL-based PKCS #11, which interfaces with the PKCS #11 provider indirectly via the pkcs11 engine provided by the OpenSC project.
This integration guide describes the second method as it is more universal and doesn't require BIND to be recompiled.