From OpenDNSSEC to Knot DNS

This article is written in an effort to aid those who are considering Knot DNS as a replacement for OpenDNSSEC.

More specifically, in this article we’ll be showing how to:

  • make Knot use HSMs via the PKCS11 interface
  • seamlessly transition from OpenDNSSEC to Knot
  • then transition from HSM to automatically managed in-memory keys

If you’ve never interacted with Knot before, please familiarize yourself with the basics. Our documentation provides a great novice-friendly introduction.