I want to get DNS64 working in an ECS on EC2 container.

I changed the run on ECS on Fargate to ECS on EC2, and in both runs DNS64 is supposed to work, but it doesn't.

Is it a non-working specification?
I want to make it work.

# ECS on Fargate
networkMode: awsvpc
subnet DNS64: enabled

root@ip-10-0-3-222:~# dig amazon.com aaaa

; <<>> DiG 9.11.5-P4-5.1+deb10u9-Debian <<>> amazon.com aaaa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55272
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;amazon.com.                    IN      AAAA

;; ANSWER SECTION:
amazon.com.             300     IN      AAAA    64:ff9b::36ef:1c55
amazon.com.             300     IN      AAAA    64:ff9b::cdfb:f267
amazon.com.             300     IN      AAAA    64:ff9b::345e:ecf8

;; Query time: 1 msec
;; SERVER: 10.0.0.2#53(10.0.0.2)
;; WHEN: Thu Jan 11 18:22:59 JST 2024
;; MSG SIZE  rcvd: 123

root@ip-10-0-3-222:~#

# ECS on EC2
networkMode: awsvpc
subnet DNS64: enabled

root@ip-10-0-3-239:~# dig amazon.com aaaa

; <<>> DiG 9.11.5-P4-5.1+deb10u9-Debian <<>> amazon.com aaaa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39391
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;amazon.com.                    IN      AAAA

;; AUTHORITY SECTION:
amazon.com.             244     IN      SOA     dns-external-master.amazon.com. hostmaster.amazon.com. 2010183054 180 60 604800 900

;; Query time: 0 msec
;; SERVER: 10.0.0.2#53(10.0.0.2)
;; WHEN: Thu Jan 11 18:23:24 JST 2024
;; MSG SIZE  rcvd: 106

root@ip-10-0-3-239:~#
1 Answer

I get the same issue for amazon.com from my Windows 11 machine. Seems amazon.com doesn't have any IPv6 records for the domain apex. Also evidence here https://mxtoolbox.com/SuperTool.aspx?action=aaaa%3aamazon.com&run=toolpage

Try a different hostname such as www.amazon.com and I believe you will receive results.

EXPERT
answered 4 months ago
  • Thank you for your reply.

    It is true that there is no IPv6 record.

    That is so, however ...

    I want an IPv6 address using the DNS64 functionality described on the following page.

    https://docs.aws.amazon.com/vpc/latest/userguide/nat-gateway-nat64-dns64.html

    It works with ECS on Fargate, but not with ECS on EC2 container. Both containers are placed on the same subnet using awsvpc, so we assume they will work with ECS on EC2 containers.

  • Apologies, I see what you're trying to do now. I think your problem may be because you're still performing DNS queries over IPv4 and not over IPv6. As documented, this only works for IPv6 workloads and you're running IPv4 to query an AAAA record. I believe you need to not use IPv4 addressing and ONLY use IPv6 on your networking stack. I could be completely wrong :-)

  • Additionally, it says for IPv4-only domains. Do you know any domains that are ONLY IPv4 to test against? Try the test against ipv4.jamieweb.net
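
A small checker for the two dig results in the question, added here as an example and not part of the original thread: it separates a DNS64-synthesized AAAA answer (inside the RFC 6052 well-known prefix 64:ff9b::/96) from a NODATA reply and recovers the embedded IPv4 address. The function names and sample strings are constructed for illustration.

```python
import ipaddress
import re

# RFC 6052 well-known NAT64 prefix, the one visible in the Fargate answers above.
WKP = ipaddress.ip_network("64:ff9b::/96")

# Constructed samples: lines copied from the two dig runs shown in the question.
FARGATE = """\
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
amazon.com.             300     IN      AAAA    64:ff9b::36ef:1c55
amazon.com.             300     IN      AAAA    64:ff9b::cdfb:f267
amazon.com.             300     IN      AAAA    64:ff9b::345e:ecf8
"""
EC2 = """\
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
amazon.com.             244     IN      SOA     dns-external-master.amazon.com. hostmaster.amazon.com. 2010183054 180 60 604800 900
"""

# Matches "<name> <ttl> IN AAAA <address>" resource-record lines only.
RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+AAAA\s+(\S+)\s*$", re.M)


def embedded_ipv4(addr):
    """Return the IPv4 address embedded in a 64:ff9b::/96 address, else None."""
    ip = ipaddress.IPv6Address(addr)
    if ip not in WKP:
        return None
    # With a /96 prefix the IPv4 address is the low 32 bits.
    return str(ipaddress.IPv4Address(int(ip) & 0xFFFFFFFF))


def classify(dig_output):
    """Summarise a dig AAAA response: synthesized, native/mixed, or NODATA."""
    records = [(n, a, embedded_ipv4(a)) for n, a in RR.findall(dig_output)]
    if not records:
        # NOERROR with only an SOA in the authority section: nothing was synthesized.
        return {"verdict": "nodata", "records": []}
    if all(v4 for _, _, v4 in records):
        return {"verdict": "dns64-synthesized", "records": records}
    return {"verdict": "native-or-mixed", "records": records}


if __name__ == "__main__":
    for label, out in (("Fargate", FARGATE), ("EC2", EC2)):
        result = classify(out)
        print(label, result["verdict"])
        for name, addr, v4 in result["records"]:
            print(f"  {name} {addr} -> {v4}")
```
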
