BIND
The purpose of this document is to provide information regarding the configuration of the Futurex Vectera Plus HSM with BIND using Futurex PKCS #11 libraries. For additional questions related to your HSM, see the relevant user guide.
BIND is a software suite for interacting with the Domain Name System (DNS). Its most prominent component, named (short for name daemon), performs both of the primary DNS server roles, acting as an authoritative name server for DNS zones and as a recursive resolver in the network. As of 2015, it is the most widely used domain name server software and is the de facto standard on Unix-like operating systems. Also contained in the suite are various administration tools such as nsupdate and dig, and a DNS resolver interface library.
The PKCS #11 support in BIND comes in two flavors:
- The native PKCS #11 support interfaces directly with the HSM-provided library via the PKCS #11 API. This allows BIND to interact directly with the PKCS #11 provider for public key cryptography (DNSSEC).
- The OpenSSL-based PKCS #11 support interfaces with the PKCS #11 provider indirectly via the pkcs11 engine provided by the OpenSC project.
This integration guide describes the second method as it is more universal and doesn't require BIND to be recompiled.
The Guardian Series 3 introduces mission-critical viability to core cryptographic infrastructure, including:
- Centralization of device management
- Elimination of points of failure
- Distribution of transaction loads
- Group-specific function blocking
- User-defined grouping systems
Please see the applicable guide in the Futurex Portal, which covers how to use the Guardian Series 3 to configure HSMs for PKCS #11 integrations.