Using CloudFormation, I cannot get an AAAA record to work with ELB

Question

I have the following two CloudFormation resources:

"TestELB" { ... },
"TestRecordSetGroup": {
  "Type": "AWS::Route53::RecordSetGroup",
  "Properties": {
    "HostedZoneName": "example.com.",
    "RecordSets": [
      {
        "Name": "subdomain.example.com.",
        "Type": "A",
        "AliasTarget": {
          "HostedZoneId": {"Fn::GetAtt": ["TestELB", "CanonicalHostedZoneNameID"]},
          "DNSName": {"Fn::GetAtt": ["TestELB", "CanonicalHostedZoneName"]}
        }
      },
      {
        "Name": "subdomain.example.com.",
        "Type": "AAAA",
        "AliasTarget": {
          "HostedZoneId": {"Fn::GetAtt": ["TestELB", "CanonicalHostedZoneNameID"]},
          "DNSName": {"Fn::Join": [".", ["ipv6", {"Fn::GetAtt": ["TestELB", "CanonicalHostedZoneName"]}]]}
        }
      }
    ]
  }
}

After the stack updates, I see both records listed in my zone with the expected alias values. The A record works, as verified with dig:

$ dig A subdomain.example.com
...
;; QUESTION SECTION:
;subdomain.example.com.       IN      A
;; ANSWER SECTION:
subdomain.example.com. 59     IN      A       11.22.33.44
;; Query time: 38 msec
...

But the AAAA record does not work:

$ dig AAAA subdomain.example.com
...
;; QUESTION SECTION:
;subdomain.example.com.       IN      AAAA
;; AUTHORITY SECTION:
example.com.         899     IN      SOA     ns-1234.awsdns-11.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
;; Query time: 54 msec
...

I think it has something to do with Fn::Join being used to add ipv6. to the beginning of the ELB's DNS name. If I change the A record so it uses Fn:Join to prepend dualstack. to the DNS name it also fails in the same way.

Is Fn::Join the correct way to add ipv6. or dualstack. to the beginning of a DNS name?

score 1 · Accepted Answer · answered Dec 10 '15 at 15:33

Turns out I was being too clever. Even though the output in CanonicalHostedZoneName does not contain ipv6. or dualstack., you don't actually need it in this context. Through some bit of magic that is not very well documented in the AWS literature, the record set understands whether the alias is in an A context or an AAAA context and does the right thing accordingly. The full, working record set group is:

"TestRecordSetGroup": {
  "Type": "AWS::Route53::RecordSetGroup",
  "Properties": {
    "HostedZoneName": "example.com.",
    "RecordSets": [
      {
        "Name": "subdomain.example.com.",
        "Type": "A",
        "AliasTarget": {
          "HostedZoneId": {"Fn::GetAtt": ["TestELB", "CanonicalHostedZoneNameID"]},
          "DNSName": {"Fn::GetAtt": ["TestELB", "CanonicalHostedZoneName"]}
        }
      },
      {
        "Name": "subdomain.example.com.",
        "Type": "AAAA",
        "AliasTarget": {
          "HostedZoneId": {"Fn::GetAtt": ["TestELB", "CanonicalHostedZoneNameID"]},
          "DNSName": {"Fn::GetAtt": ["TestELB", "CanonicalHostedZoneName"]}
        }
      }
    ]
  }
}

Your solution is correct, both A and AAAA records have an identical ELB alias values. It's not magic, simply for DNS queries of type A - an IPv4 address is returned and for queries of type AAAA - an IPv6 address is returned. — Evgeny Goldin, Dec 20 '15 at 00:30

Using CloudFormation, I cannot get an AAAA record to work with ELB

1 Answers1