Minimizing networking charges with IPv6

0

In attempting to avoid public IPv4 charges I am building an IPv6 only instance. However I find that I cannot access IPv4 services without a NAT gateway as described here: https://aws.amazon.com/blogs/aws/let-your-ipv6-only-workloads-connect-to-ipv4-services/

This means I either have to pay for a public IPv4 address or pay hourly charges for a NAT gateway that I will rarely use.

Is this correct, or is there another way to access public IPv4 from a public IPv6 address? My only use case so far is for Let's Encrypt certbot with a DNS challenge to Route 53. I don't see an IPv6 address for route53.amazonaws.com.

JB
asked 4 months ago · 232 views
3 Answers
0
Accepted Answer

Your understanding is correct, JB.

If you have an IPv6-only instance and need to access IPv4 services, the approach is to use a NAT gateway. This is because IPv6 and IPv4 are different protocols and aren't directly interoperable without some form of translation or gateway.

While AWS provides mechanisms like the NAT gateway to enable IPv6 instances to access IPv4 services, it does come with associated costs. If you rarely use the NAT gateway, it might lead to unwanted charges.

From my understanding, accessing AWS Route 53 using IPv6 directly is not supported. AWS Route 53 DNS service primarily operates over IPv4. However, for use cases like Let's Encrypt certbot with a DNS challenge to Route 53, you can generally work around the IPv6-only limitation by employing a dual-stack approach.

Here are some potential steps to consider:

IPv6-Enabled Instance:
Ensure your instance is IPv6-enabled.

Dual-Stack Setup:
If possible, consider a dual-stack setup where your instance has both IPv4 and IPv6 addresses.

Use NAT Gateway for IPv4 Access:
If you must go with an IPv6-only instance, you might still need a NAT gateway for IPv4 access, as IPv6 cannot directly communicate with IPv4.

Route 53 API Calls:
While direct IPv6 access to Route 53 might not be supported for DNS resolution, you can use AWS SDKs or CLI commands from your IPv6-enabled instance to interact with the Route 53 API over IPv4.

https://aws.amazon.com/blogs/networking-and-content-delivery/introducing-dual-stack-and-ipv6-only-support-for-amazon-route-53-resolver-endpoints/

hoylem
answered 4 months ago
0

I have accepted the answer from hoylem because it does affirm there is no clear path to avoiding either the cost of a NAT gateway or the cost of a public IPv4 address. I have DNS64 enabled, which is helping with resolving addresses, but it is the DNS challenge to Route 53 that is the issue. There are many workarounds for this that I won't expand upon - all I needed to know was whether or not there was a gap in my understanding of the situation. Thank you, hoylem.

JB
answered 4 months ago
  • IPv6-only access to route53 is possible: see my answer below

0

Hi JB,

Route53 has announced in September 2023 that it can be accessed via IPv6: see https://aws.amazon.com/blogs/networking-and-content-delivery/introducing-dual-stack-and-ipv6-only-support-for-amazon-route-53-resolver-endpoints/

It now supports dual-stack and IPv6-only for Amazon Route 53 Resolver Endpoints.

So, I guess that you can do what you want without a NAT gateway.

Best,

Didier

AWS EXPERT
answered 4 months ago
  • Hi Didier,

    Thanks for your reply. My challenge is not so much about DNS query traffic as about interacting with Route53 and hosted zones' configuration directly through the certbot API which uses a Python boto3 route53 client: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/route53.html#route53

    If there is a way to do this with only an IPv6 interface then I'd be interested to know about it but I am OK now anyway with a workaround.

    Regards,

    John
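
The DNS64 behaviour mentioned in the thread above, as an added example that is not part of the original posts: it shows how a DNS64 resolver synthesizes an AAAA answer for an IPv4-only name and how to tell from the answer that traffic still has to cross a NAT64 device. It assumes the resolver uses the RFC 6052 well-known prefix `64:ff9b::/96`; the hostnames and addresses are constructed samples, and the function names are hypothetical.

```python
import ipaddress

# RFC 6052 well-known prefix (assumption: the DNS64 resolver uses this prefix)
WELL_KNOWN_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")


def synthesize(ipv4: str) -> ipaddress.IPv6Address:
    """Build the AAAA answer a DNS64 resolver returns for an IPv4-only name."""
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Address(int(WELL_KNOWN_PREFIX.network_address) | int(v4))


def embedded_ipv4(ipv6: str):
    """Return the IPv4 address hidden in a synthesized answer, or None if native."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in WELL_KNOWN_PREFIX:
        return None
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


def needs_nat64(answers: dict) -> dict:
    """True per host when every AAAA answer is synthesized (service is IPv4-only).

    DNS64 only synthesizes when no real AAAA record exists, so a fully
    synthesized answer set means packets must be translated by NAT64.
    """
    return {
        host: bool(addrs) and all(embedded_ipv4(a) is not None for a in addrs)
        for host, addrs in answers.items()
    }


# Constructed sample resolver output (documentation address ranges only)
SAMPLE_ANSWERS = {
    "api.ipv4-only.example": ["64:ff9b::c000:20a"],   # synthesized from 192.0.2.10
    "api.dual-stack.example": ["2001:db8::10"],       # native IPv6
    "api.no-answer.example": [],                       # nothing resolved
}

if __name__ == "__main__":
    for host, translated in needs_nat64(SAMPLE_ANSWERS).items():
        path = "NAT64 required" if translated else "no NAT64 path indicated"
        print(f"{host}: {path}")
```

A name that resolves only into `64:ff9b::/96` will connect from an IPv6-only instance only if a route for that prefix points at a NAT64-capable gateway.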
