0

I use AWS Route 53 in front of a CloudFront web distribution. I'm trying to add IPv6 support for my CF distribution.

Following the AWS docs on enabling IPv6 for Route 53, I added a AAAA record that is an Alias to my CF web distribution.

When I hit my AAAA record over IPv6 from cURL I get a:

curl -v -6 https://testcdnv6.mydomain.com/test.json
Could not resolve host: testcdnv6.mydomain.com

I know IPv6 is working fine on the machine I am running cURL on as facebook.com works:

curl -v -6 https://facebook.com
* Rebuilt URL to: https://facebook.com/
*   Trying 2a03:2880:f111:83:face:b00c:0:25de...
* Connected to facebook.com (2a03:2880:f111:83:face:b00c:0:25de) port 443 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* found 692 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_ECDSA_AES_128_GCM_SHA256

What am I missing here? testcdnv6.mydomain.com does NOT have an IPv4 A record. I have waited more than an hour for DNS change to propagate.

dig testcdnv6.mydomain.com ANY does not return anything in the ANSWER SECTION:

rynop
  • 239
  • 4
  • 16
  • You should check your resolver.. The Could not resolve host may indicate that your PC is failing with DNS resolution... – ryekayo Sep 25 '17 at 20:09
  • dns resolution is working as I can get facebook.com over IPv6 and IPv4 – rynop Sep 25 '17 at 20:55
  • 2
    Without knowing the domain name I don't think there is much we can do to help you. – kasperd Sep 25 '17 at 20:56
  • 1
    At the risk of asking the obvious: Did you enable IPv6 in the distribution itself? Assuming you did, the next question: does the dxxxexample.cloudfront.net hostname for your CloudFront distribution work with your IPv6 test methodology? – Michael - sqlbot Sep 26 '17 at 14:07
  • @Michael-sqlbot that was it, need to enable it in the CF distro before nameservers respond. – rynop Sep 26 '17 at 21:45

1 Answers1

1

Turns out because I used a route 53 alias to a CloudFront distribution, the DNS entry does not show up UNTIL you enable IPv6 support in your CloudFront configuration. As soon as I configured it, dns queries started to return AAAA responses.

dig testcdnv6.mydomain.com AAAA +short
2600:9000:2013:ba00:6:6bd9:e340:93a1
2600:9000:2013:bc00:6:6bd9:e340:93a1
2600:9000:2013:ee00:6:6bd9:e340:93a1
2600:9000:2013:fa00:6:6bd9:e340:93a1
2600:9000:2013:600:6:6bd9:e340:93a1
2600:9000:2013:2a00:6:6bd9:e340:93a1
2600:9000:2013:8e00:6:6bd9:e340:93a1
2600:9000:2013:a200:6:6bd9:e340:93a1
rynop
  • 239
  • 4
  • 16