BIND
This document provides information about configuring the {{vectera}} HSM with BIND by using {{futurex}} PKCS #11 libraries. For additional questions related to your HSM, see the relevant user guide.

About BIND

BIND is a software suite for interacting with the {{dns}}. Its most prominent component, {{named}} (the name daemon on Linux), performs both primary DNS server roles, acting as an authoritative name server for DNS zones and as a recursive resolver within the network. As of 2015, it is the most widely used domain name server software and is the de facto standard on Unix-like operating systems. Also contained in the suite are various administrative tools, such as nsupdate and dig, as well as a DNS resolver interface library.

How the BIND integration works

The integration involves the following steps:

1. Zone data creation or update: the user defines or updates the DNS zone file.
2. Key reference request: BIND identifies the required signing keys.
3. HSM login: BIND authenticates to the {{vectera}} by using PKCS #11.
4. Signing key access: the {{vectera}} locates the requested signing keys.
5. Signing operation: the {{vectera}} generates digital signatures by using the private keys, which never leave the HSM.
6. Zone file update: the signed DNS records are added to the zone data.
7. Zone publication: BIND loads and serves the signed zone.
8. Resolver validation: DNS resolvers verify the signatures by using Domain Name System Security Extensions ({{dnssec}}) public keys.

PKCS #11 in BIND

The PKCS #11 support in BIND comes in two forms:

- Native PKCS #11: BIND interfaces directly with the {{vectera}}-provided library through the PKCS #11 API. This allows BIND to interact directly with the PKCS #11 provider for public key cryptography (DNSSEC).
- OpenSSL-based PKCS #11: BIND uses an OpenSSL PKCS #11 provider (such as pkcs11-provider from the latchset project) to interact with the {{vectera}} indirectly.

This integration guide uses the OpenSSL-based PKCS #11 method because it is the only method compatible with {{vectera}} Guardian integration.

The {{guard}} introduces mission-critical viability to core cryptographic infrastructure, including:

- Centralization of device management
- Elimination of points of failure
- Distribution of transaction loads
- Group-specific function blocking
- User-defined grouping systems

See the applicable guide in the {{futurex}} portal for configuring HSMs with the {{guard}}, including PKCS #11 and CNG configuration.
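The OpenSSL-based path described above, as an added example that is not part of this guide: an OpenSSL 3 configuration that loads the latchset pkcs11-provider in front of the vendor PKCS #11 module, and the BIND commands that reference an HSM-resident key by PKCS #11 URI and sign a zone with it. The library path, token label, key label and zone name are placeholders, not values from the guide.

```shell
#!/bin/sh
# Added example (not Futurex or BIND project code). All values below are
# placeholders; substitute the paths and labels from your own deployment.
set -eu

HSM_PKCS11_LIB="${HSM_PKCS11_LIB:-/opt/hsm/libpkcs11.so}"   # placeholder path
TOKEN_LABEL="${TOKEN_LABEL:-HsmToken}"                         # placeholder
KEY_LABEL="${KEY_LABEL:-example-ksk}"                          # placeholder
ZONE="${ZONE:-example.com}"                                    # placeholder

# Write an OpenSSL 3 config that activates pkcs11-provider alongside the
# default provider. pkcs11-module-path names the vendor PKCS #11 module.
# The token PIN is deliberately not written here; supply it at run time
# (for example via the provider's pkcs11-module-token-pin option from a
# protected file) so it is not persisted in a world-readable config.
write_openssl_conf() {
  conf="$1"
  cat > "$conf" <<EOF
openssl_conf = openssl_init

[openssl_init]
providers = provider_sect

[provider_sect]
default = default_sect
pkcs11 = pkcs11_sect

[default_sect]
activate = 1

[pkcs11_sect]
module = /usr/lib64/ossl-modules/pkcs11.so
pkcs11-module-path = $HSM_PKCS11_LIB
activate = 1
EOF
  echo "$conf"
}

# Create BIND key files that refer to the HSM key by PKCS #11 URI, then sign
# the zone. The .private file only holds the label; signing happens in the
# HSM. Run this manually: it needs the BIND utilities and a reachable HSM.
sign_zone() {
  OPENSSL_CONF="$1" dnssec-keyfromlabel -a RSASHA256 -f KSK \
    -l "pkcs11:token=$TOKEN_LABEL;object=$KEY_LABEL" "$ZONE"
  OPENSSL_CONF="$1" dnssec-signzone -S -o "$ZONE" "$ZONE.zone"
}
```

Point named and the dnssec-* tools at the generated file with OPENSSL_CONF, and confirm the provider loaded with `openssl list -providers` before signing.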