white switch hub turned on

Using IPv6 To Access Lightsail WordPress Instances

AWS Lightsail makes it easy to spin up new WordPress instances and get a completely custom site online in minutes. However the default configuration can lead to dynamic IP addresses that are difficult to map to a domain name. The quick option is to modify the instance to use a static IP address, which doesn’t change, then point your DNS A record for your website URL to that static IP.

The problem is you only get to have a maximum of five static IPs with your Lightsail account. However, there is another way – using IPv6 to access Lightsail.

The downside to this approach is there are still a lot of ISPs using subpar DNS services that do not support IPv6 connectivity. As such using IPv6 ONLY is still only truly viable for semi-private or private resources where you know your audience is using an IPv6 friendly ISP.

Using IPv6 To Access Lightsail

By default the Lightsail WordPress template by Bitnami will enable both IPV4 and IPV6 networking.

With IPV6 the auto-assigned address for the instance never changes. It will only go away when you delete the instance, or possibly change if you disable IPv6 then re-enable it (don’t do this). IPv5 addresses are also always public, which means you don’t have a separate “internal IP for the network” and “published public IP” that are different.

The nice thing about IPv6 addresses with AWS Lightsail is that you get as many as you want with no limit. Every single resource in your AWS cloud presence can have its own IPv6 address.

Using IPv6 To Access Lightsail

How do you point your domain name to the Lightsail instance using IPv6?

Enter the AAAA record – this has been part of DNS for years specifically to support IPv6 traffic. All respectable domain hosting providers will support AAAA records. To get your web traffic going to your Lightsail instance click on the instance you started and go to the Networking tab. Copy the IPV6 address listed there. Go to your DNS provider, create a new hostname entry with the AAA record.

Using the right DNS provider

Even today, more than 5 years since the 2017 ratification of the IPv6 standard by IETF, you’ll find plenty of DNS providers that do not properly support IPv6 and the AAAA records. My current ISP, WoW is one of those providers.

Update: Here we are, start of 2024 and WoW! (wowway.com) STILL does not provide native IPV6 support on their network. Lame.

Using IPv6 to access lightsail may require overriding your ISPs DNS provider
Overriding the default DNS provider with OpenDNS on a MacBook

You can check your current service provider by using the IPv6 test tool listed in resources below. If you need to change your DNS provider, as I did, you have two ways to do it.

The first method – changing network settings on your device, means you’ll have IPv6 access whenever you are using the device.

If you want to get IPv6 throughout your home you can opt to manually override your DNS provider on your router. This means every device in your home will have IPv6 connectivity as long as the devices are connecting to your router. If you have a mobile device or a laptop and connect to another network, the WiFi at your local coffee shop for instance, you will lose access to IPv6 only web content. Thankfully (or sadly) IPv6 is still so poorly supported in the United States that any major online presence still operates a horribly outdated IPv4 connection (as I do on this blog).

Configuring a router to use OpenDNS

Personally I setup my mobile devices to use IPv6 by overriding the default network settings to use OpenDNS while also setting my home router to use IPv6. This means I don’t have to configure the dozen-plus devices at home, like the Playstation or FireTV, and I still have IPv6 on my laptop when I’m at another location.

If you find you have to use a service like OpenDNS to get IPv6 access, please send your ISP or DNS provider a note asking them to fully implement IPv6.

Using the right router

Not all routers are created equal. Many older, heck even some newer, routers do not properly support IPv6. We found that out when configuring the DNS provider at a shared workspace where a high end Nighthawk router by Netgear would not pass through IPv6 data. That router always converted IPv6 addresses to IPv4 or required the upstream pass-through routers to provide the IPv6 configuration information. Neither was an option.

What routers work? Here is what is being used at one location. If you know of others, please share.

Using the right browser

The latest version of Firefox has IPv6 DNS lookups enabled by default.

Getting Your SSL Cert

IPv6 will require you to use proper HTTPS certs. Add one to your Lightsail instance after setting up your record pointers.

Login via SSH from the Lightsail console then type:

sudo /opt/bitnami/bncert-tool

Awwww… snap… that does not work with IPv6. See this post about it.

The easiest workaround for Bitnami’s IPv6 SSL Cert tool’s shortcoming is to point an A record to your temporary IPv4 address. Once that is live, usually within 5 minutes with standard TTL propagation rules, you can re-run the cert tool.

Once your site has the SSL certificate it will work for the IPv6 address. Certs are bound to domain names not IP addresses. The IP address is only used during the certificate generation process to validate ownership.

Related Resources

Enabling and disabling IPv6 for your resources in Amazon Lightsail

  • IPv6 is enabled by default for Lightsail instances, container services, CDN distributions, and load balancers.
  • The IPv6 address for an instance persists when you stop and start your instance. It’s released only when you delete your instance, or disable IPv6 for your instance.

Test Your IPv6 Connectivity

  • This service helps check IPv6 connectivity from your current device and the ISP providing your Internet access at your current location.
  • Many users, especially in the United States, are still dealing with half-implemented IPv6 services; Typically through a misconfigured 6to4 service or by using a DNS service that does not support IPv6 (hello WoW… we are way past 1999 here).

Cisco OpenDNS with IPv6 Support

  • Change your DNS provider on your router or on your device by overriding the default network settings and get full access to IPv6 sites.
  • The OpenDNS servers are at
    • 208.67.222.222
    • 208.67.220.220

IPv6 on Wikipedia

  • IPv6 was created by IETF to deal with IPv4 address exhaustion
  • IPv6 is meant to replace IPv4
  • IPv6 was introduced in 1998
  • IPv6 became an Internet standard in 2017
  • IPv6 uses 128-bit addresses resulting in 3.4 x 10^38 (3.4 with 38 zeros after it) addresses
    • IPv4 uses a 32-bit address with 4,300,000,000 addresses
    • All 4.3 billion addresses were allocated and in-use by April 2011
    • Many tricks, like sharing of IP addresses has allowed IPv4 to live another decade, but it causes lots of problems for security and performance

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.