OpenDNSSEC is a computer program that manages the security of domain names on the Internet.

It secures DNS zone data just before it is published in an authoritative name server.

OpenDNSSEC can be paired with SoftHSM which provides a Software emulation of a hardware security module.

[4] OpenDNSSEC runs two dedicated daemons these are ods-enforcerd which acts as a enforcer Engine Daemon with the role of enforcing the KASP (Key and Signing Policy), and the ods-signerd which carries out actual signing of the zone.

The ods-enforcer client program may be used to interact with the enforcer Engine and can be used to initiate such actions as a key rollover manually.