I changed the run on ECS on Fargate to ECS on EC2, and in both runs
DNS64 is supposed to work, but it doesn't.
Is it a non-working specification?
I want to make it work.
# ECS on Fargate
networkMode: awsvpc
subnet DNS64: enabled
root@ip-10-0-3-222:~# dig amazon.com aaaa
; <<>> DiG 9.11.5-P4-5.1+deb10u9-Debian <<>> amazon.com aaaa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55272
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;amazon.com. IN AAAA
;; ANSWER SECTION:
amazon.com. 300 IN AAAA 64:ff9b::36ef:1c55
amazon.com. 300 IN AAAA 64:ff9b::cdfb:f267
amazon.com. 300 IN AAAA 64:ff9b::345e:ecf8
;; Query time: 1 msec
;; SERVER: 10.0.0.2#53(10.0.0.2)
;; WHEN: Thu Jan 11 18:22:59 JST 2024
;; MSG SIZE rcvd: 123
root@ip-10-0-3-222:~#
# ECS on EC2
networkMode: awsvpc
subnet DNS64: enabled
root@ip-10-0-3-239:~# dig amazon.com aaaa
; <<>> DiG 9.11.5-P4-5.1+deb10u9-Debian <<>> amazon.com aaaa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39391
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;amazon.com. IN AAAA
;; AUTHORITY SECTION:
amazon.com. 244 IN SOA dns-external-master.amazon.com. hostmaster.amazon.com. 2010183054 180 60 604800 900
;; Query time: 0 msec
;; SERVER: 10.0.0.2#53(10.0.0.2)
;; WHEN: Thu Jan 11 18:23:24 JST 2024
;; MSG SIZE rcvd: 106
root@ip-10-0-3-239:~#
Thank you for your reply.
It is true that there is no IPv6 record.
That is so, however ...
I want an IPv6 address using the DNS64 functionality described on the following page.
https://docs.aws.amazon.com/vpc/latest/userguide/nat-gateway-nat64-dns64.html
It works with ECS on Fargate, but not with ECS on EC2 container. Both containers are placed on the same subnet using awsvpc, so we assume they will work with ECS on EC2 containers.
Apologies, I see what you're trying to do now. I think your problem may be because you're still performing DNS queries over IPv4 and not over IPv6. As documented, this only works for IPv6 workloads, and you're running IPv4 to query an AAAA record. I believe you need to not use IPv4 addressing and ONLY use IPv6 on your networking stack. I could be completely wrong :-)
Additionally, it says for IPv4-only domains. Do you know any domains that are ONLY IPv4 to test against? Try the test against ipv4.jamieweb.net