Reverse DNS with Route53 and DNSControl

I was looking for a nice and somewhat simple way of managing my Reverse DNS settings, and I think I found it. I use DNSControl for managing all my DNS records for all (30+) domains, so I decided to see if I could get it to work for my Reverse (PTR) records too… and it works!

First, DNSControl is a project from the StackOverflow Guys and Gals, that allows easy enough managing of your DNS records. There is a bit of a learning curve, but once you’re over that, your laughing!

Second, Route53 is Amazon#8217;s DNS service, as part of AWS. You can use it for AWS internal specific stuff, DNS resolution for your public domains, or, in my case, a reverse DNS for my IP block. I also use it for a private DNS for my ZeroTier network too, but that#8217;s a separate matter…

So, to get them both hooked up, first you need DNSControl configured. They have extensive documentation on the matter, so check that out, as i won’t be going into too much detail on that part.

After creating a record in Route53 on the AWS portal, my credentials file with details for Route53, creating a “noreg” record, etc., I then created the reverse domain for my IP range:

REV('') Is a custom block that will automagically create the correct record, which in my case would be You could leave that in there, but if you have a few, it may be prone to “fat-fingering” the records…

Next, you have all your PTR records. Each one has the last part of the IP, along with the name of it. Once you have all your records, it is then a matter of pushing to Route53 using DNSControl:

./dnscontrol-Darwin preview --domains

Will show you what changes have been made, assuming you have the config correct.

./dnscontrol-Darwin push --domains

Will do the actual pushing.

It is then just a matter of making sure you have the correct records pointing at the correct DNS servers, as per the RIPE (or other provider#8217;s) documentation. And that is that. A quick “dig” on the command line shows your work:

That should be it! Happy days! And in theory, since the config file is “just” JavaScript, you could pull it from a DB, a IPAM such as Netbox, or some other place. That’s my next challenge…


site of

By tiernano, 2019-09-15