From 5997712e9f921391efada0fb4be8856c00ee3fe4 Mon Sep 17 00:00:00 2001
From: Thomas Eizinger <thomas@eizinger.io>
Date: Sat, 22 Jun 2024 08:13:15 +1000
Subject: [PATCH] chore(aws-staging): disable DNS64 (#5483)

DNS64 without a NAT64 gateway breaks IPv4-only resources because we
receive AAAA records from the `64:ff9b::/96` subnet, yet nothing
actually routes and translates these packets.
---
 terraform/environments/staging/aws.tf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/terraform/environments/staging/aws.tf b/terraform/environments/staging/aws.tf
index c183a9695..d4972a0a1 100644
--- a/terraform/environments/staging/aws.tf
+++ b/terraform/environments/staging/aws.tf
@@ -36,6 +36,7 @@ module "vpc" {
   enable_ipv6                                    = true
   public_subnet_assign_ipv6_address_on_creation  = true
   private_subnet_assign_ipv6_address_on_creation = true
+  public_subnet_enable_dns64                     = false # DNS64 without a NAT64 gateway breaks IPv4-only resources
 
   public_subnet_ipv6_prefixes  = [0, 1]
   private_subnet_ipv6_prefixes = [2, 3]