3

Allow me to apologize ahead of time. I know this question has been asked and in one way or another answered multiple times across the net. Problem is, all the solutions and answers are contradicting sometimes and just confusing me ultimately. I was asked by our dev group to get v6 access configured for their instance(s) in AWS. I don't normally deal with DNS stuff, so I'm getting a little mixed up. Here is the goal: IPv4 and IPv6 access to the servers in the AWS cloud, which apparently can be done now via the load balancers. Here's where things start to get tricky. The domains are hosted at DreamHost. Can anyone explain how to get this configured? You would think it would be as simple as creating an A and AAAA record inside DreamHost pointing to the IPv4 and IPv6 address of the AWS load balancer. Please help! Thank you!

As a side note, I have read lots about Route 53, but it looks like unless it's required to get this to work, we need to avoid it. From what I understand, it's just AWS's DNS. I want to avoid having to transfer services away from DreamHost. Lots of other stuff in there.

1 Answer

5

Route53 may be required if you want to point your domain apex at a load balancer.

You can get started testing quickly by creating a subdomain of your domain (say ipv6.example.com) and pointing it at the ipv6 subdomain of your ELB via a CNAME. You can also point dualstack.example.com at dualstack.your-elb.eu-west-1.elb.amazonaws.com. Your DNS provider doesn't even need to support IPv6 itself for this step to work.

The ipv6 subdomain will only respond with AAAA records. The dualstack subdomain will respond with both A and AAAA records.

You may need to change the security group for your ELB to allow IPv6 traffic in.

The ELB will still use IPv4 internally to talk to your instances.

One more catch: this doesn't work if your ELB is in a VPC.

Since you can't have CNAME records at the zone apex, to point the zone apex at an IPv6 ELB, you need a DNS provider that supports some form of CNAME-like behaviour for A and AAAA records. Route53 call these Alias records. Other providers call these ANAME records. None of these are internet standards yet so the names and the functionality differ. Most of them work by setting low TTLs and periodically checking the target of the Alias or ANAME record and changing the record to match. Since Amazon are in control of both the DNS lookup and the target, they can change both at exactly the same time.

More reading and possibly better instructions in the answers to this question.


If you want to support people who only have IPv6, you will need to check every part of the process that forms a request. This includes making sure that your DNS provider has name servers on IPv6 and that their parent at the DNS root servers is also on IPv6 and serves those addresses in the glue.


To get IPv6 connectivity in the EC2 instances themselves, I understand you still need a tunnel broker.

Ladadadada
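The checks described in the answer above, as an added example that is not part of the original answer: an offline audit of a planned record set that classifies each name by address family, flags a CNAME at the zone apex, and flags name servers with no AAAA record. All records are constructed sample data, `your-elb` is the answer's placeholder, `ns1.dns-host.example` is hypothetical, and the name-server check is a simplification that does not inspect glue at the parent zone.

```python
# Added example: offline audit of planned DNS records (all data below is constructed).
ELB = "your-elb.eu-west-1.elb.amazonaws.com"  # placeholder ELB name from the answer
RECORDS = [  # (owner, type, value)
    ("example.com", "NS", "ns1.dns-host.example"),       # hypothetical name server
    ("example.com", "CNAME", "dualstack." + ELB),        # not allowed at the apex
    ("ipv6.example.com", "CNAME", "ipv6." + ELB),
    ("dualstack.example.com", "CNAME", "dualstack." + ELB),
    ("www.example.com", "A", "192.0.2.10"),
    ("ipv6." + ELB, "AAAA", "2001:db8::10"),             # ipv6.* answers AAAA only
    ("dualstack." + ELB, "A", "192.0.2.10"),             # dualstack.* answers both
    ("dualstack." + ELB, "AAAA", "2001:db8::10"),
    ("ns1.dns-host.example", "A", "192.0.2.53"),         # name server has no AAAA
]

def norm(name):
    """Compare names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def lookup(records, name, rtype, hops=8):
    """Return values of rtype for name, following CNAMEs for a bounded number of hops."""
    name = norm(name)
    found = [v for o, t, v in records if norm(o) == name and t == rtype]
    if found or hops == 0:
        return found
    targets = [v for o, t, v in records if norm(o) == name and t == "CNAME"]
    return lookup(records, targets[0], rtype, hops - 1) if targets else []

def families(records, name):
    """Classify a name as 'dualstack', 'ipv6-only', 'ipv4-only' or 'unresolved'."""
    v4, v6 = lookup(records, name, "A"), lookup(records, name, "AAAA")
    if v4 and v6:
        return "dualstack"
    return "ipv6-only" if v6 else "ipv4-only" if v4 else "unresolved"

def audit(records, apex):
    """List problems that would keep IPv6-only clients from resolving the zone."""
    apex, problems = norm(apex), []
    if any(norm(o) == apex and t == "CNAME" for o, t, _ in records):
        problems.append("CNAME at zone apex")
    for ns in lookup(records, apex, "NS"):
        if not lookup(records, ns, "AAAA"):
            problems.append("name server without AAAA: " + norm(ns))
    return problems
```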
  • The answer above given by Ladadadada is essentially correct. For some reason, the website will not allow me to select his answer as the correct one. Follow the links provided. They are very helpful. – Atomiklan Jul 29 '13 at 08:12
  • 1
    @user2272450 Only the person who asked the question may accept an answer. If that is you, please [merge your accounts](http://serverfault.com/help/merging-accounts) to regain control of them. – Michael Hampton Jul 29 '13 at 08:14