In my quest to write a DNS server in Go I found myself lacking an interface to PKCS#11, so I wrote one. PKCS#11 is the interface to HSMs (including SoftHSM), and even though the interface sucks, I think a DNS server should store its keys in an HSM, by default.

So… here it is. I’m still putting in the finishing touches and some general polish, but it is already usable.