
Confusing DNS64 behaviour with public subnets #972

@rvem

Description

public_subnet_enable_dns64 is true by default, and with enable_ipv6 = true this enables DNS64 for the created public subnets.

However, if a given domain doesn't have an IPv6 record, it's resolved to an address in 64:ff9b::/96, which in turn needs an additional route setup to work correctly.

  • ✋ I have searched the open/closed issues and my issue is not listed.

Somewhat similar to #923, but for public subnets.

Versions

  • Module version [Required]: 5.1.1

  • Terraform version: 1.5.4

  • Provider version(s): AWS - 5.10.0

Reproduction Code [Required]

module "aws_vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "5.1.1"

  name = local.vpc_name
  cidr = var.vpc_cidr
  azs  = local.azs

  public_subnets = ["10.0.11.0/24", "10.0.12.0/24", "10.0.13.0/24"]

  # IPv6 is enabled, which (with the module default
  # public_subnet_enable_dns64 = true) turns on DNS64 for the public subnets.
  enable_ipv6                                   = true
  assign_ipv6_address_on_creation               = true
  enable_dns_hostnames                          = true
  enable_dns_support                            = true
  map_public_ip_on_launch                       = true
  public_subnet_assign_ipv6_address_on_creation = true

  # Resolution goes through the VPC resolver, which performs the DNS64 synthesis.
  enable_dhcp_options              = true
  dhcp_options_domain_name         = var.domain_name
  dhcp_options_domain_name_servers = ["AmazonProvidedDNS"]

  public_subnet_ipv6_prefixes = [0, 1, 2]
}

Steps to reproduce the behavior:

curl -6 api.github.com from the EC2 instance within one of the public subnets above hangs.

Expected behavior

DNS64 enabled along with the corresponding route for resolving 64:ff9b::/96

Actual behavior

An IP from 64:ff9b::/96 is not routed correctly :(
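The missing piece the report describes is a route for the DNS64/NAT64 prefix. The following is an added example, not code from the issue or from the module itself: it keeps the reporter's module block and adds a NAT gateway plus an aws_route sending 64:ff9b::/96 from the public route table(s) to that gateway, which is where AWS performs the NAT64 translation. Assumptions: the module outputs public_route_table_ids and natgw_ids (both exist in v5.x of the module), single_nat_gateway = true so exactly one gateway id is exposed, and the locals/variables (local.vpc_name, var.vpc_cidr, local.azs, var.domain_name) are defined elsewhere exactly as in the reporter's configuration.

```hcl
# Added example (not part of the original issue or the module's own code).
# Fix for the behaviour reported above: DNS64 synthesizes 64:ff9b::/96
# answers for IPv4-only names, so that prefix needs a route to a NAT gateway
# (the component that performs NAT64). Without it, IPv6-only clients in the
# public subnets hang on every IPv4-only destination.

module "aws_vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "5.1.1"

  name = local.vpc_name   # assumption: defined elsewhere, as in the report
  cidr = var.vpc_cidr     # assumption: defined elsewhere, as in the report
  azs  = local.azs        # assumption: defined elsewhere, as in the report

  public_subnets = ["10.0.11.0/24", "10.0.12.0/24", "10.0.13.0/24"]

  enable_ipv6                                   = true
  assign_ipv6_address_on_creation               = true
  enable_dns_hostnames                          = true
  enable_dns_support                            = true
  map_public_ip_on_launch                       = true
  public_subnet_assign_ipv6_address_on_creation = true
  public_subnet_ipv6_prefixes                   = [0, 1, 2]

  # Module default, kept explicit so the DNS64 dependency on NAT64 is visible.
  public_subnet_enable_dns64 = true

  # NAT64 is performed by a NAT gateway, so one must exist. single_nat_gateway
  # is an assumption made here so that natgw_ids has exactly one element.
  enable_nat_gateway = true
  single_nat_gateway = true

  enable_dhcp_options              = true
  dhcp_options_domain_name         = var.domain_name   # assumption: defined elsewhere
  dhcp_options_domain_name_servers = ["AmazonProvidedDNS"]
}

# The route the report says is missing: send the DNS64 well-known prefix from
# every public route table to the NAT gateway. count is driven by the module
# output so it works whether the module created one or several public route
# tables.
resource "aws_route" "public_nat64" {
  count = length(module.aws_vpc.public_route_table_ids)

  route_table_id              = module.aws_vpc.public_route_table_ids[count.index]
  destination_ipv6_cidr_block = "64:ff9b::/96"
  nat_gateway_id              = module.aws_vpc.natgw_ids[0]
}
```

Two things worth checking after applying this. First, with this route in place the public subnets' IPv6-only hosts can reach the entire IPv4 internet through the NAT gateway, so any egress restrictions expressed as security-group or network-ACL rules must also cover destinations in 64:ff9b::/96, not only native IPv6 ranges. Second, a quick functional check from an instance is to resolve an IPv4-only name and confirm the AAAA answer falls inside 64:ff9b::/96 and that the route table shown in the console (or `aws ec2 describe-route-tables`) lists 64:ff9b::/96 pointing at the NAT gateway; if the AAAA is synthesized but no such route exists, `curl -6` will hang exactly as described in the report.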
