Posted On: Feb 28, 2022

Starting today, your IPv6 Amazon Web Services resources in Amazon Virtual Private Cloud (VPC) can use NAT64 (on NAT Gateway) and DNS64 (on Route 53 Resolver) to communicate with IPv4 services. As you transition your workloads to IPv6 networks, they would continue to need access to IPv4 network and services. With NAT64 and DNS64, your IPv6 resources can communicate with IPv4 services within the same VPC or connected VPCs, your on-premises networks, or the internet.

A NAT Gateway enables instances in a private subnet to connect to services outside that subnet using the NAT Gateway’s IP address and Route 53 Resolver is a DNS server that is available by default in all Amazon VPCs. In order to enable your IPv6 workloads to communicate with IPv4 networks, you can enable DNS64 on the subnet containing your IPv6 services and route the subnet’s traffic destined for IPv4 services through a NAT Gateway. There is no separate configuration required on NAT Gateway. The DNS64 service synthesizes and returns the AAAA records for IPv4 destinations, and the NAT Gateway performs the necessary translation on the traffic to allow IPv6 services in your subnet to access IPv4 services outside that subnet.

NAT64 on NAT Gateway and DNS64 on Route 53 Resolver are available in all Amazon Web Services commercial regions including the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) region, operated by NWCD. To learn more about VPC NAT Gateway and DNS64 on Route 53 Resolver, please visit our documentation.