I have the following two CloudFormation resources:
"TestELB" { ... },
"TestRecordSetGroup": {
"Type": "AWS::Route53::RecordSetGroup",
"Properties": {
"HostedZoneName": "example.com.",
"RecordSets": [
{
"Name": "subdomain.example.com.",
"Type": "A",
"AliasTarget": {
"HostedZoneId": {"Fn::GetAtt": ["TestELB", "CanonicalHostedZoneNameID"]},
"DNSName": {"Fn::GetAtt": ["TestELB", "CanonicalHostedZoneName"]}
}
},
{
"Name": "subdomain.example.com.",
"Type": "AAAA",
"AliasTarget": {
"HostedZoneId": {"Fn::GetAtt": ["TestELB", "CanonicalHostedZoneNameID"]},
"DNSName": {"Fn::Join": [".", ["ipv6", {"Fn::GetAtt": ["TestELB", "CanonicalHostedZoneName"]}]]}
}
}
]
}
}
After the stack updates, I see both records listed in my zone with the expected alias values. The A record works, as verified with dig:
$ dig A subdomain.example.com
...
;; QUESTION SECTION:
;subdomain.example.com. IN A
;; ANSWER SECTION:
subdomain.example.com. 59 IN A 11.22.33.44
;; Query time: 38 msec
...
But the AAAA record does not work:
$ dig AAAA subdomain.example.com
...
;; QUESTION SECTION:
;subdomain.example.com. IN AAAA
;; AUTHORITY SECTION:
example.com. 899 IN SOA ns-1234.awsdns-11.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
;; Query time: 54 msec
...
I think it has something to do with Fn::Join being used to add ipv6. to the beginning of the ELB's DNS name. If I change the A record so it uses Fn:Join to prepend dualstack. to the DNS name it also fails in the same way.
Is Fn::Join the correct way to add ipv6. or dualstack. to the beginning of a DNS name?
Turns out I was being too clever. Even though the output in CanonicalHostedZoneName does not contain
ipv6.ordualstack., you don't actually need it in this context. Through some bit of magic that is not very well documented in the AWS literature, the record set understands whether the alias is in an A context or an AAAA context and does the right thing accordingly. The full, working record set group is: