Having a DNS server available on your network might seem unusual, but it's actually quite common. We have EdgeOS and OpenWRT with dnsmasq. We have VyOS 1.5 with pdns-recursor. Other dedicated DNS solutions that you can find within someone's homelab might be Pi-hole, AdGuard, or Technitium.
These solutions are extremely powerful and effective, but they require additional containers to operate. I wanted to see if I could get PTR records working with minimal VyOS config.
I recall manually setting up PTR records with BIND in the past, but I was unsure how to apply this knowledge to VyOS. Doing a quick search led me to a Stack Overflow question that was close to what I needed. It confirmed some of my assumptions, but lacked concrete examples. Additionally, the VyOS documentation didn't make much sense. Those docs refer to domains and not zones. Using information from both of these, I did some digging.
First, I needed to figure out how pdns-recursor is configured. You can find the pdns-recursor configuration on your VyOS router via:
sudo cat /run/pdns-recursor/recursor.conf
...
auth-zones=
...
The crucial detail was knowing that our zones were handled via auth-zones. This led me to the auth-zones section of the pdns-recursor documentation, where I found out that they use the BIND format.
Next, I needed to re-learn the BIND format. A Stack Overflow post quickly showed me how the BIND zone should look.
Now it's time to take the documentation from VyOS and make it generate a BIND format auth-zone file.
The end result is something like this:
set service dns forwarding authoritative-domain ZONE records ptr REVERSE_IP target DNS
which looked like this for my setup and a /24 block:
set service dns forwarding authoritative-domain 5.5.10.in-addr.arpa records ptr 15 target www.local
Now I can commit and test with:
dig -x 10.5.5.15 @10.5.5.1
and get back:
;; ANSWER SECTION:
15.5.5.10.in-addr.arpa. 300 IN PTR www.local.
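An added example, not from the original post or from VyOS: a Python helper that derives the reverse zone for a /24, builds one set command per host, and checks a line of dig's answer section against the expected PTR. The function names and the hostname syntax check are assumptions of this example; the sample addresses are the ones used above.

```python
import ipaddress
import re

# Hostname label syntax; an assumption of this example, not a VyOS rule.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def reverse_zone(network):
    """Reverse zone name for a /24, e.g. 10.5.5.0/24 -> 5.5.10.in-addr.arpa."""
    net = ipaddress.IPv4Network(network)
    if net.prefixlen != 24:
        raise ValueError("this example only handles /24 networks")
    # The network address reverses to 0.5.5.10.in-addr.arpa; the zone is
    # everything after the host octet, so the leading label is dropped.
    return net.network_address.reverse_pointer.split(".", 1)[1]

def ptr_commands(network, hosts):
    """Build one VyOS set command per {ip: target} entry, validating each."""
    net = ipaddress.IPv4Network(network)
    zone = reverse_zone(network)
    commands = []
    for ip, target in sorted(hosts.items(), key=lambda kv: ipaddress.IPv4Address(kv[0])):
        addr = ipaddress.IPv4Address(ip)
        if addr not in net:
            raise ValueError(f"{ip} is outside {network}")
        if not all(_LABEL.match(label) for label in target.rstrip(".").split(".")):
            raise ValueError(f"invalid target name: {target!r}")
        host_octet = str(addr).rsplit(".", 1)[1]  # record name relative to the zone
        commands.append(
            "set service dns forwarding authoritative-domain "
            f"{zone} records ptr {host_octet} target {target}"
        )
    return commands

def answer_matches(dig_line, ip, target):
    """Check one line of dig's ANSWER SECTION against the expected PTR."""
    fields = dig_line.split()
    if len(fields) < 5:
        return False
    expected_owner = ipaddress.IPv4Address(ip).reverse_pointer + "."
    return (fields[0].lower() == expected_owner
            and fields[3] == "PTR"
            and fields[4].lower() == target.rstrip(".").lower() + ".")

if __name__ == "__main__":
    # Constructed sample input based on the addresses used in the post.
    for cmd in ptr_commands("10.5.5.0/24", {"10.5.5.15": "www.local"}):
        print(cmd)
```
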