
IPv6 reverse lookup gives AWS-dns-servers

0

I am running an EC2 instance with Ubuntu 24.04 running BIND as a DNS server with a double IPv4 and IPv6 stack. I have configured BIND for IPv4 and IPv6 addresses. This is the output I get:

nslookup -debug 46.137.96.254

    QUESTIONS:
	254.96.137.46.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    ->  254.96.137.46.in-addr.arpa
	name = mail.alforto.nl.
	ttl = 300
    AUTHORITY RECORDS:
    ADDITIONAL RECORDS:

254.96.137.46.in-addr.arpa	name = mail.alforto.nl.

IPv4 works correctly. But IPv6 does not work:

nslookup -debug 2a05:d018:1e3d:1800:e10b:5580:68f0:eb7

    QUESTIONS:
	7.b.e.0.0.f.8.6.0.8.5.5.b.0.1.e.0.0.8.1.d.3.e.1.8.1.0.d.5.0.a.2.ip6.arpa, type = PTR, class = IN
    ANSWERS:
    AUTHORITY RECORDS:
    ->  1.8.1.0.d.5.0.a.2.ip6.arpa
	origin = **dns-external-ma(aa)ster.amazon.com**
	mail addr = **root.amazon.com**
	serial = 18
	refresh = 28800
	retry = 900
	expire = 604800
	minimum = 900
	ttl = 900
    ADDITIONAL RECORDS:

** server can't find 7.b.e.0.0.f.8.6.0.8.5.5.b.0.1.e.0.0.8.1.d.3.e.1.8.1.0.d.5.0.a.2.ip6.arpa: NXDOMAIN

IPv6 points to an Amazon server, and that is not good. I can solve this problem by disabling IPv6, but that is not a real solution.

How can I change the amazon.com DNS servers to my own DNS server on EC2? Which setting am I missing?

Thank you for your help.

asked 20 days ago, 32 views
3 Answers
0

The behavior you're experiencing with IPv6 reverse DNS (rDNS) lookups pointing to Amazon DNS servers is expected and is due to how AWS manages the IPv6 address space for EC2 instances.

Unlike IPv4, where you can set up custom reverse DNS entries for Elastic IP addresses, AWS currently does not provide a way for customers to directly manage reverse DNS entries for IPv6 addresses assigned to EC2 instances.

The IPv6 addresses in AWS are part of Amazon's allocated IPv6 range, and the reverse DNS zone for these addresses is controlled by AWS. This is why you're seeing references to Amazon's DNS servers in your IPv6 reverse lookup.

Unfortunately, there isn't a straightforward way to change this behavior or point the IPv6 reverse DNS to your own DNS server on EC2. AWS does not currently offer a self-service option for setting custom PTR records for IPv6 addresses.

However, there are a few potential workarounds you could consider:

  1. Contact AWS Support: If you have an appropriate support plan, you can request AWS to set a custom PTR record for your IPv6 address. This is not an automated process and may take some time.

  2. Use a different IPv6 range: If you have your own IPv6 address space, you might be able to bring your own IP addresses to AWS (though this is typically only available for larger enterprises).

  3. Use a proxy or NAT64: You could potentially set up a proxy or NAT64 gateway that uses an IPv4 address with a custom PTR record, and route your IPv6 traffic through it.

  4. Focus on forward DNS: Ensure your forward DNS (AAAA records) is correctly set up, as many systems primarily rely on forward DNS lookups.

It's worth noting that AWS is aware of this limitation, and there have been feature requests from the community to allow custom IPv6 reverse DNS entries. However, as of now, this feature is not available.

While disabling IPv6 is not an ideal solution as you mentioned, it remains one of the few options under your direct control if you absolutely need custom reverse DNS for all your IP addresses.
Sources
Please allow reverse DNS for EC2 IPv6 | AWS re:Post
AWS services that support IPv6 - Amazon Virtual Private Cloud
IPv6 addressing - IPv6 on AWS

answered 20 days ago
0

Gmail requires a reverse lookup for my IP address. Not being able to configure my own reverse lookup for IPv6 addresses blocks sending emails to Gmail addresses and effectively prevents using my own email server on an Amazon EC2 instance. The only solution seems to be to use only IPv4 for email, but IPv6 is a requirement for having a correct email address in my country. You can test your own email address on internet.nl.

For now, I have disabled IPv6 for email, but I urge Amazon to find a permanent solution to this issue.

P.S. "Your text includes wording (Netherl(a)nds) that is not allowed on re:Post, please edit it before proceeding." Why is Netherl(a)nds not allowed?

answered 18 days ago
0

Actually, setting up reverse DNS for an AWS IPv6 address can be done in the exact same way as for IPv4, see my own answers to my old question on this topic: https://repost.aws/questions/QUgROEsvrGTPKPAXFVCf8xwA/please-allow-reverse-dns-for-ec2-ipv6

answered 17 days ago
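
Added example, not part of any post in this thread: a forward-confirmed reverse DNS check of the kind mail receivers such as Gmail apply to a sending IP (a PTR record must exist and its hostname must resolve back to the same address), run against the two addresses from the question. The function names are illustrative, the sample PTR data mirrors the nslookup output above, and the forward records for mail.alforto.nl are constructed assumptions.

```python
import ipaddress
import socket

def reverse_name(addr):
    """Owner name that a PTR query for addr asks about (in-addr.arpa / ip6.arpa)."""
    return ipaddress.ip_address(addr).reverse_pointer

def system_ptr(addr):
    """PTR names from the system resolver; empty list on NXDOMAIN or error."""
    try:
        return [socket.gethostbyaddr(addr)[0]]
    except OSError:
        return []

def system_forward(host):
    """A/AAAA addresses for host from the system resolver."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except OSError:
        return set()

def fcrdns(addr, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (status, name): 'pass', 'no-ptr' or 'forward-mismatch'."""
    ip = ipaddress.ip_address(addr)
    names = ptr_lookup(addr)
    if not names:
        return ("no-ptr", None)
    for name in names:
        for text in forward_lookup(name):
            try:
                # Strip any IPv6 zone id before comparing address objects.
                if ipaddress.ip_address(text.split("%")[0]) == ip:
                    return ("pass", name)
            except ValueError:
                continue  # resolver returned something that is not an IP literal
    return ("forward-mismatch", names[0])

# Constructed sample data mirroring the question: the IPv4 PTR exists, the IPv6
# PTR is NXDOMAIN. The forward records for the host are assumed, not from the page.
SAMPLE_PTR = {"46.137.96.254": ["mail.alforto.nl."]}
SAMPLE_FWD = {"mail.alforto.nl.": {"46.137.96.254",
                                   "2a05:d018:1e3d:1800:e10b:5580:68f0:eb7"}}

def sample_check(addr):
    """Run fcrdns against the constructed tables instead of live DNS."""
    return fcrdns(addr, lambda a: SAMPLE_PTR.get(a, []),
                  lambda h: SAMPLE_FWD.get(h, set()))

if __name__ == "__main__":
    for a in ("46.137.96.254", "2a05:d018:1e3d:1800:e10b:5580:68f0:eb7"):
        print(a, reverse_name(a), sample_check(a))
```

Calling `fcrdns(addr)` without the lookup arguments uses the system resolver, so the same check can be run on the mail server itself after any PTR change.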
