Reverse DNS with Route53 and DNSControl

I was looking for a nice and somewhat simple way of managing my reverse DNS settings, and I think I found it. I use DNSControl for managing all my DNS records for all (30+) domains, so I decided to see if I could get it to work for my reverse (PTR) records too… and it works!

First, DNSControl is a project from the StackOverflow guys and gals that allows easy enough managing of your DNS records. There is a bit of a learning curve, but once you're over that, you're laughing!

Second, Route53 is Amazon's DNS service, part of AWS. You can use it for AWS-internal stuff, DNS resolution for your public domains, or, in my case, reverse DNS for my IP block. I also use it for private DNS for my ZeroTier network, but that's a separate matter…

So, to get them both hooked up, first you need DNSControl configured. They have extensive documentation on the matter, so check that out, as I won't be going into too much detail on that part.

After creating a record in Route53 on the AWS portal, setting up my credentials file with details for Route53, creating a "noreg" record, etc., I then created the reverse domain for my IP range:

REV('185.186.67.0/24') is a custom block that will automagically create the correct zone name, which in my case would be 67.186.185.in-addr.arpa. You could write that name in by hand instead, but if you have a few, it is prone to "fat fingering" the records…

Next, you have all your PTR records. Each one has the last part of the IP, along with the hostname it points to. Once you have all your records, it is then a matter of pushing to Route53 using DNSControl:

./dnscontrol-Darwin preview --domains 67.186.185.in-addr.arpa

will show you what changes it would make, assuming you have the config correct.

./dnscontrol-Darwin push --domains 67.186.185.in-addr.arpa

will do the actual pushing.

It is then just a matter of making sure you have the correct records pointing at the correct DNS servers, as per the RIPE (or other provider’s) documentation. And that is that. A quick “dig” on the command line shows your work:

That should be it! Happy days! And in theory, since the config file is "just" JavaScript, you could pull it from a DB, an IPAM such as NetBox, or some other place. That's my next challenge…
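As an added example (not code from this post or from DNSControl itself), the JavaScript below does for 185.186.67.0/24 what the post describes: it derives the in-addr.arpa zone name the way REV() does, turns a host table (the stand-in for a DB or IPAM) into PTR records, and renders the D() block for dnsconfig.js. The hostnames and the 'r53' provider name are constructed; 'noreg' is the registrar name from the post.

```javascript
// Added example, not code from the post or from DNSControl. Derives the reverse
// zone for 185.186.67.0/24, builds PTR records from a host table, and renders
// the D() block for dnsconfig.js. Hostnames and provider 'r53' are constructed.

// Validate an IPv4 CIDR and return the octets fixed by the prefix.
// Only octet-aligned blocks (/8, /16, /24) map to a single in-addr.arpa zone.
function splitCidr(cidr) {
  const [ip, bitsStr] = cidr.split('/');
  const bits = Number(bitsStr);
  const octets = ip.split('.').map(Number);
  if (![8, 16, 24].includes(bits)) throw new Error(`unsupported prefix /${bitsStr}`);
  if (octets.length !== 4 || octets.some(o => !Number.isInteger(o) || o < 0 || o > 255)) {
    throw new Error(`bad IPv4 address ${ip}`);
  }
  return octets.slice(0, bits / 8);
}

// 185.186.67.0/24 -> 67.186.185.in-addr.arpa (what the post says REV() produces)
function reverseZone(cidr) {
  return splitCidr(cidr).reverse().join('.') + '.in-addr.arpa';
}

// Turn {ip: hostname} into PTR records. Rejects addresses outside the block and
// forces a fully qualified target (trailing dot) so the name cannot be read as
// relative to the in-addr.arpa zone, which is the classic hand-edited PTR mistake.
function ptrRecords(cidr, hosts) {
  const fixed = splitCidr(cidr);
  return Object.entries(hosts).map(([ip, name]) => {
    const octets = ip.split('.').map(Number);
    if (octets.length !== 4 || !fixed.every((o, i) => octets[i] === o)) {
      throw new Error(`${ip} is outside ${cidr}`);
    }
    // Label is the host part of the address, reversed: "33" in a /24, "33.67" in a /16.
    const label = octets.slice(fixed.length).reverse().join('.');
    return { label, target: name.endsWith('.') ? name : name + '.' };
  });
}

// Render the D() block; 'noreg' is the registrar from the post, provider is assumed.
function renderZone(cidr, hosts, provider) {
  const ptrs = ptrRecords(cidr, hosts).map(r => `  PTR('${r.label}', '${r.target}')`);
  return [`D(REV('${cidr}'), 'noreg', DnsProvider('${provider}'),`, ptrs.join(',\n'), ');'].join('\n');
}

// Constructed sample host table, standing in for the DB/IPAM the post mentions.
const SAMPLE_HOSTS = { '185.186.67.33': 'host1.example.com', '185.186.67.34': 'mail.example.com.' };
console.log(renderZone('185.186.67.0/24', SAMPLE_HOSTS, 'r53'));
```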

Building Tinc 1.1 (pre) on Ubuntu 18.04

So, a while back, I used Tinc as a mesh VPN. Tinc, for the uninitiated, is as follows:

tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private network between hosts on the Internet

tinc-vpn.org

It's been a while, but I noticed that they did have a version 1.1 preview; I did some tests with it previously and saw some decent performance with it. But, due to a mix of laziness, testing and more laziness, I ended up on ZeroTier for my internal peering network…

Now, however, I am starting to look at other options. This post will explain how to build Tinc 1.1 preview on Ubuntu 18.04. I will look into other options later on…

First, this will not be a configuration guide for Tinc… I am only building it.

You need to install some Apt Packages for the build to run:

sudo apt update

sudo apt install build-essential libncurses5-dev libreadline6-dev libzlcore-dev zlib1g-dev liblzo2-dev libssl-dev

Next, download the source and extract it:

wget https://www.tinc-vpn.org/packages/tinc-1.1pre17.tar.gz

tar -zxvf tinc-1.1pre17.tar.gz

cd tinc-1.1pre17

Next, configure and build.

./configure

make -j5

I use -j5 to use all 4 cores on my machine + 1 (it's something I read years ago and I keep doing it). Just change that number as required.

Now you're done. You can run sudo make install to install it into the required folders, or just run it from where it was built.

Bird BGP Daemon tips and tricks

Some of these are more than likely known to people, but I thought I would add them here. Partially for you and partially for me!

Useful Links

Command Line stuff

  • birdc show route for 185.186.67.33 shows all routes known for that IP address.
  • birdc show route protocol INTERNAL_LON1 shows all routes for a given peer.
  • birdc show route where bgp_path ~ [= * 15133 * =] shows routes where AS15133 appears anywhere in the AS path.
  • birdc show route where bgp_path.last = 15133 shows routes where AS15133 is the last AS in the path.

Presentations