terraform-aws-modules / terraform-aws-vpc

Terraform module to create AWS VPC resources 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws
Apache License 2.0

Confusing DNS64 behaviour with public subnets #972

Open rvem opened 1 year ago

rvem commented 1 year ago

Description

public_subnet_enable_dns64 is true by default, and with enable_ipv6 = true this enables DNS64 for created public subnets.

However, if a given domain doesn't have an IPv6 record, it's resolved to 64:ff9b::/96, which in turn needs an additional route setup to work correctly.

Somewhat similar to #923, but for public subnets.

Versions

Reproduction Code [Required]

module "aws_vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "5.1.1"

  name = local.vpc_name
  cidr = var.vpc_cidr
  azs  = local.azs

  public_subnets  = ["10.0.11.0/24", "10.0.12.0/24", "10.0.13.0/24"]

  enable_ipv6 = true
  assign_ipv6_address_on_creation = true
  enable_dns_hostnames = true
  enable_dns_support = true
  map_public_ip_on_launch = true
  public_subnet_assign_ipv6_address_on_creation = true

  enable_dhcp_options = true
  dhcp_options_domain_name = var.domain_name
  dhcp_options_domain_name_servers = ["AmazonProvidedDNS"]

  public_subnet_ipv6_prefixes  = [0, 1, 2]
}

Steps to reproduce the behavior:

curl -6 api.github.com from the EC2 instance within one of the public subnets above hangs.

Expected behavior

DNS64 enabled along with the corresponding route for resolving 64:ff9b::/96

Actual behavior

An IP from 64:ff9b::/96 is not routed correctly :(

github-actions[bot] commented 1 year ago

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

rvem commented 1 year ago

Still relevant

JeffreyVdb commented 1 year ago

I'm having this issue as well. Use case is creating a publicly reachable machine with only an IPv6 IP.

There are 2 solutions:

In my case however, I don't need a public IPv4 IP, I do need NAT64.
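Two configurations that avoid the hang reported in this thread, as an added example that is not part of any comment above and not the module's own code. It assumes the `module "aws_vpc"` block from the reproduction code, AWS provider v5 syntax, and a single shared public route table; the resource names `nat64` and `dns64_prefix` are hypothetical.

```hcl
# Added example, not from the issue. Resource names (nat64, dns64_prefix) are
# hypothetical; module.aws_vpc is the module block from the reproduction code.

# Option A: dual-stack instances that already have a public IPv4 address.
# Set this inside the module "aws_vpc" block so the resolver stops synthesizing
# AAAA records for IPv4-only names and clients fall back to A records:
#
#   public_subnet_enable_dns64 = false

# Option B: IPv6-only instances that must reach IPv4-only services.
# Keep DNS64 enabled and give the synthesized addresses a next hop:
# a public NAT gateway performs NAT64 for traffic sent to 64:ff9b::/96.
resource "aws_eip" "nat64" {
  domain = "vpc"
}

resource "aws_nat_gateway" "nat64" {
  allocation_id = aws_eip.nat64.id
  subnet_id     = module.aws_vpc.public_subnets[0]
}

# Assumption: the module created one public route table shared by all
# public subnets, so index 0 covers every subnet in the reproduction code.
resource "aws_route" "dns64_prefix" {
  route_table_id              = module.aws_vpc.public_route_table_ids[0]
  destination_ipv6_cidr_block = "64:ff9b::/96"
  nat_gateway_id              = aws_nat_gateway.nat64.id
}
```

With option A, `curl -6` against an IPv4-only name fails immediately with no AAAA record instead of hanging; with option B, the translated traffic leaves from the NAT gateway's Elastic IP, which is the address to use in any egress allow-lists.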

github-actions[bot] commented 1 year ago

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

rvem commented 1 year ago

Still relevant

github-actions[bot] commented 1 year ago

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

rvem commented 1 year ago

Still relevant