Confusing DNS64 behaviour with public subnets #972

Open
1 task done
rvem opened this issue Aug 14, 2023 · 7 comments

rvem commented Aug 14, 2023

Description

public_subnet_enable_dns64 is true by default, and with enable_ipv6 = true this enables DNS64 for created public subnets.

However, if a given domain doesn't have an IPv6 record, it's resolved to 64:ff9b::/96, which in turn needs an additional route setup to work correctly.

  • ✋ I have searched the open/closed issues and my issue is not listed.

Somewhat similar to #923, but for public subnets.

Versions

  • Module version [Required]: 5.1.1

  • Terraform version: 1.5.4

  • Provider version(s): AWS - 5.10.0

Reproduction Code [Required]

```hcl
module "aws_vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "5.1.1"

  name = local.vpc_name
  cidr = var.vpc_cidr
  azs  = local.azs

  public_subnets = ["10.0.11.0/24", "10.0.12.0/24", "10.0.13.0/24"]

  enable_ipv6                                   = true
  assign_ipv6_address_on_creation               = true
  enable_dns_hostnames                          = true
  enable_dns_support                            = true
  map_public_ip_on_launch                       = true
  public_subnet_assign_ipv6_address_on_creation = true

  enable_dhcp_options              = true
  dhcp_options_domain_name         = var.domain_name
  dhcp_options_domain_name_servers = ["AmazonProvidedDNS"]

  public_subnet_ipv6_prefixes = [0, 1, 2]
}
```

Steps to reproduce the behavior:

curl -6 api.github.com from the EC2 instance within one of the public subnets above hangs.

Expected behavior

DNS64 enabled along with the corresponding route for resolving 64:ff9b::/96

Actual behavior

An IP from 64:ff9b::/96 is not routed correctly :(

@github-actions

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

@github-actions github-actions bot added the stale label Sep 14, 2023

rvem commented Sep 14, 2023

Still relevant

@github-actions github-actions bot removed the stale label Sep 15, 2023
@JeffreyVdb

I'm having this issue as well.
Use case is creating a publicly reachable machine with only an IPv6 IP.

There are 2 solutions:

  • adding an IPv4 public IP
  • adding the route to 64:ff9b::/96

In my case, however, I don't need a public IPv4 IP; I do need NAT64.
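The missing NAT64 route discussed in this issue, written out as Terraform. This is an added example, not code from the thread or from the module itself. The name, CIDR, AZs and the `public_nat64` resource name are constructed; it assumes the module's `enable_nat_gateway` and `single_nat_gateway` inputs and its `public_route_table_ids` and `natgw_ids` outputs, and that a NAT gateway living in one of the same public subnets is an acceptable NAT64 target.

```hcl
# Added example (not the module's own code). Values marked "constructed"
# are placeholders for illustration.
module "aws_vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "5.1.1"

  name = "dns64-example"                            # constructed
  cidr = "10.0.0.0/16"                              # constructed
  azs  = ["eu-west-1a", "eu-west-1b", "eu-west-1c"] # constructed

  public_subnets              = ["10.0.11.0/24", "10.0.12.0/24", "10.0.13.0/24"]
  public_subnet_ipv6_prefixes = [0, 1, 2]

  enable_ipv6                                   = true
  public_subnet_assign_ipv6_address_on_creation = true

  # Option A: no NAT64 path wanted. Turn synthesis off so names without an
  # AAAA record fail to resolve over IPv6 instead of resolving into
  # 64:ff9b::/96 and hanging on connect.
  # public_subnet_enable_dns64 = false

  # Option B: keep DNS64 (the module default) and provide the NAT64 path.
  public_subnet_enable_dns64 = true
  enable_nat_gateway         = true
  single_nat_gateway         = true
}

# Option B, continued: send the NAT64 well-known prefix to the NAT gateway
# from every public route table the module created.
resource "aws_route" "public_nat64" {
  count = length(module.aws_vpc.public_route_table_ids)

  route_table_id              = module.aws_vpc.public_route_table_ids[count.index]
  destination_ipv6_cidr_block = "64:ff9b::/96"
  nat_gateway_id              = module.aws_vpc.natgw_ids[0]
}
```

With either option applied, the `curl -6 api.github.com` check from the reproduction steps should no longer hang: under Option A it fails at name resolution, under Option B it connects through the NAT gateway.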

@github-actions

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

@github-actions github-actions bot added the stale label Oct 19, 2023

rvem commented Oct 19, 2023

Still relevant

@github-actions github-actions bot removed the stale label Oct 20, 2023

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

@github-actions github-actions bot added the stale label Nov 19, 2023

rvem commented Nov 20, 2023

Still relevant

@bryantbiggs bryantbiggs added wip and removed stale labels Nov 20, 2023
@bryantbiggs bryantbiggs added this to the v6.0 milestone Nov 20, 2023