From b9b1d60142ce33e23b895bc811b52e2043b8552e Mon Sep 17 00:00:00 2001
From: Liam Bigelow <40188355+bglw@users.noreply.github.com>
Date: Tue, 28 Oct 2025 11:11:35 +1300
Subject: [PATCH 1/2] Document `all.` prefixed internal DNS + bifurcate
internal DNS table (#2283)
---
networking/private-networking.html.md | 53 ++++++++++++++++-----------
1 file changed, 31 insertions(+), 22 deletions(-)
diff --git a/networking/private-networking.html.md b/networking/private-networking.html.md
index 275fbe5a60..14ac87933f 100644
--- a/networking/private-networking.html.md
+++ b/networking/private-networking.html.md
@@ -17,35 +17,44 @@ You can connect apps running outside of Fly.io to your 6PN using WireGuard. You
You can use `.internal` domains to connect your app to databases, API servers, or other apps in your 6PN. If you don't need the granular subdomains and routing available with `.internal`, and you want to use Fly Proxy features for your internal apps, then you should use [Flycast](/docs/networking/flycast/) instead.
-A Fly Machine is configured to resolve domain names with a custom DNS server from the Fly Platform. This DNS server can resolve arbitrary DNS queries, so you can look up `google.com` with it. But it’s also aware of 6PN addresses, and will let you look up 6PN addresses for other apps in your organization. Those addresses live under the custom top-level domain `.internal`.
+A Fly Machine is configured to resolve domain names with a custom DNS server from the Fly Platform. This DNS server can resolve arbitrary DNS queries, so you can look up `google.com` with it. But it’s also aware of 6PN addresses, and will let you look up 6PN addresses for other apps in your organization. Those addresses live under the custom top-level domain `.internal`.
Underneath `.internal` there are second-level domains for every app in your Fly organization. For example, if your app is in an organization with another app called `my-app-name`, then there will be a AAAA record at `my-app-name.internal`. The AAAA record will contain all the 6PN addresses of the started Fly Machines that belong to the `my-app-name` Fly App. Note that different libraries and tools will use multi-address AAAA records differently; most will only use the first address that is returned, but others might round-robin between entries for every request -- if you'd like to know more, consult the documentation for the library or tool you are using for DNS lookup.
-
-**Important:** All queries to Fly.io `.internal` domains only return information for started (running) Machines. Any stopped Machines, including those autostopped by Fly Proxy, are not included in the response to the DNS query.
-
-
Each `.internal` domain has further subdomains which can be used to return a more precise subset of the started Machines in that app. For example, you can add a region name qualifier to return the 6PN addresses of an app's Machines in a specific region: `iad.my-app-name.internal`. Querying this domain returns the 6PN addresses of `my-app-name` Machines in the `iad` region.
Some `.internal` domains do not contain an AAAA record, but instead contain a TXT record with Machine, app, or region information. For example, if you request the TXT records using `regions.my-app-name.internal`, then you'll get back a comma-separated list of regions that `my-app-name` is deployed in. And you can discover all the apps in the organization by requesting the TXT records associated with `_apps.internal`. This will return a comma-separated list of the app names.
-The following table lists the available `.internal` domains:
-
-| Name | AAAA | TXT |
-| -- | --- | -- |
-|`.internal`|6PN addresses of all
Machines in any
region for the app|none
-|`top.nearest.of..internal`|6PN addresses of
top _number_ closest
Machines for the app|none
-|`.vm..internal`|6PN address of
a specific Machine
for the app|none
-|`vms..internal`|none|comma-separated list
of Machine ID and region
name for the app
-|`.process..internal`|6PN addresses of
Machines in process
group for the app|none
-|`..internal`|6PN addresses of
Machines in region
for the app|none
-|`global..internal`|alias for
`.internal`|none
-|`regions..internal`|none|comma-separated list
of region names where
Machines are deployed
for app|
-|`..kv._metadata..internal`|6PN addresses of
Machines with
matching [metadata](https://community.fly.io/t/dynamic-machine-metadata/13115)|none|
-|`_apps.internal`|none|comma-separated list
of the names of all apps
in current organization|
-|`_peer.internal`|none|comma-separated list
of the names of all
WireGuard peers in
current organization|
-|`._peer.internal`|6PN address of peer|none|
-|`_instances.internal`|none|comma-separated list
of Machine ID, app name,
6PN address, and region for
all Machines in current
organization|
+
+**Important:** All AAAA queries to Fly.io `.internal` domains only return 6PN information for started (running) Machines. Any stopped Machines, including those autostopped by Fly Proxy, are not included in the response to the DNS query.
+
+
+The following table lists the available `.internal` domains for AAAA queries:
+
+| Name | AAAA Response |
+| -- | --- |
+|`.internal`|6PN addresses of all Machines
in any region for the app|
+|`top.nearest.of..internal`|6PN addresses of top _number_
closest Machines for the app|
+|`.vm..internal`|6PN address of a specific
Machine for the app|
+|`.process..internal`|6PN addresses of Machines
in process group for the app|
+|`..internal`|6PN addresses of Machines
in region for the app|
+|`global..internal`|alias for `.internal`|
+|`..kv._metadata..internal`|6PN addresses of Machines
with matching [metadata](https://community.fly.io/t/dynamic-machine-metadata/13115)|
+|`._peer.internal`|6PN address of peer|
+
+The following table lists the available `.internal` domains for TXT queries:
+
+| Name | TXT Response |
+| -- | -- |
+|`vms..internal`|comma-separated list of Machine ID and
region name for started app Machines|
+|`all.vms..internal`|comma-separated list of Machine ID and
region name for all deployed app Machines|
+|`regions..internal`|comma-separated list of region names
where Machines are started for app|
+|`all.regions..internal`|comma-separated list of region names
where Machines are deployed for app|
+|`_apps.internal`|comma-separated list of the names of all
apps in current organization|
+|`_peer.internal`|comma-separated list of the names of all
WireGuard peers in current organization|
+|`_instances.internal`|comma-separated list of Machine ID, app name,
6PN address, and region for all started Machines
in current organization|
+|`all._instances.internal`|comma-separated list of Machine ID, app name,
6PN address, and region for all deployed Machines
in current organization|
+
See the [fly-examples/privatenet](https://github.com/fly-apps/privatenet+external) repo for examples that use the `.internal` domains.
From 94fefa24235bf5cb931f7580452f7c3ccb0053c3 Mon Sep 17 00:00:00 2001
From: Pavel Borzenkov
Date: Tue, 28 Oct 2025 12:47:47 +0100
Subject: [PATCH 2/2] blueprints: fix the link to autostop/autostart docs
(#2284)
---
blueprints/autoscale-machines.html.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/blueprints/autoscale-machines.html.md b/blueprints/autoscale-machines.html.md
index cf5b6381da..26370c1150 100644
--- a/blueprints/autoscale-machines.html.md
+++ b/blueprints/autoscale-machines.html.md
@@ -10,7 +10,7 @@ redirect_from: /docs/blueprints/autoscale-machines-like-a-boss/
You have an app with services that's configured to [automatically start
-and stop Machines based on traffic demand]((/docs/launch/autostop-autostart/)). But the traffic to your app changes
+and stop Machines based on traffic demand](/docs/launch/autostop-autostart/). But the traffic to your app changes
significantly during the day and you don't want to keep a lot of stopped
Machines during the period of low traffic.