Posted On: Nov 24, 2021

Starting today, your IPv6 AWS resources in Amazon Virtual Private Cloud (VPC) can use NAT64 (on AWS NAT Gateway) and DNS64 (on Amazon Route 53 Resolver) to communicate with IPv4 services. As you transition your workloads to IPv6 networks, they continue to need access to IPv4 networks and services. With NAT64 and DNS64, your IPv6 resources can communicate with IPv4 services within the same VPC or connected VPCs, your on-premises networks, or the Internet.

A NAT Gateway enables instances in a private subnet to connect to services outside that subnet using the NAT Gateway’s IP address, and Route 53 Resolver is a DNS server that is available by default in all Amazon VPCs. To let your IPv6 workloads communicate with IPv4 networks, enable DNS64 on the subnet containing your IPv6 services and route the subnet’s traffic destined for IPv4 services through a NAT Gateway. No separate configuration is required on the NAT Gateway. The DNS64 service synthesizes and returns AAAA records for IPv4 destinations, and the NAT Gateway translates the traffic so that IPv6 services in your subnet can reach IPv4 services outside that subnet. By using DNS64 and NAT64 together, your IPv6 resources in the subnet can communicate with IPv4 services anywhere outside this subnet.
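The synthesis step described above, and its reverse, as an added example that is not AWS code: it shows how an IPv4 destination is embedded in a synthesized AAAA address and how to recover it so that IPv4 egress allowlists still apply to traffic observed as IPv6. It assumes the RFC 6052 well-known prefix `64:ff9b::/96`, which the announcement does not name; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Assumption: translation uses the RFC 6052 well-known prefix, which the
# announcement does not name.
NAT64_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")


def synthesize_aaaa(ipv4):
    """Embed an IPv4 address in the low 32 bits of the NAT64 prefix."""
    v4 = ipaddress.IPv4Address(ipv4)
    return str(ipaddress.IPv6Address(int(NAT64_PREFIX.network_address) | int(v4)))


def dns64_answer(a_records, aaaa_records):
    """Return native AAAA records if any exist, else synthesize from A records."""
    if aaaa_records:
        return list(aaaa_records)
    return [synthesize_aaaa(a) for a in a_records]


def embedded_ipv4(ipv6):
    """Recover the real IPv4 destination from a synthesized address, or None."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in NAT64_PREFIX:
        return None
    return str(ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF))


def egress_allowed(ipv6_dst, allowed_v4_cidrs):
    """Apply an IPv4 egress allowlist to a destination seen as IPv6."""
    v4 = embedded_ipv4(ipv6_dst)
    if v4 is None:
        return None  # native IPv6 destination: not covered by the IPv4 list
    return any(ipaddress.IPv4Address(v4) in ipaddress.IPv4Network(c)
               for c in allowed_v4_cidrs)


if __name__ == "__main__":
    # Constructed sample destinations as seen from the IPv6 side of the gateway.
    allowlist = ["192.0.2.0/24"]
    for dst in ["64:ff9b::c000:20a", "64:ff9b::c633:6407", "2001:db8::1"]:
        print(dst, embedded_ipv4(dst), egress_allowed(dst, allowlist))
```

Detection rules and allowlists keyed on IPv4 addresses will not match the synthesized form, so normalize destinations with a step like `embedded_ipv4` before comparing.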

NAT64 on NAT Gateway and DNS64 on Route 53 Resolver are available in the following AWS Regions today: US East (N. Virginia), US West (Oregon), and US West (N. California). To learn more about VPC NAT Gateway and DNS64 on Route 53 Resolver, please visit our documentation.