Child pages
  • Guide to IPv6 - IPv6 Server Administration

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Section


Column
width250px

Include Page
LIB:_IPv6GuideMenu
LIB:_IPv6GuideMenu


Column

Overview

This document details the specifics of cPanel & WHM's IPv6 support. This includes information about the cPanel & WHM's IPv6-supported services, the changes that occur when you add IPv6, and IPv6-related command line tools and utilities.

Warning
titleWarning:
  • An IPv6 address range cannot contain a server's shared IP address. The system will not allow you to set a shared IP address that exists within any configured IPv6 address range.
  • If you disable IPv6 on your server at the kernel level, do not remove (or blacklist) the kernel modules.
    • To disable IPv6 on your server, run the following command:

      Code Block
      languagebash
      echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6


    • If you remove the kernel modules, your operating system will generate warnings in cPanel & WHM, may prevent account creation, and may cause service failures.

Command-line tools and utilities

IPv6 requires new command-line tools and scripts that IPv4-only servers do not require.

The iproute2 package

Traditionally, IPv4 tools (for example, ifconfig and netstat) used the net-tools package. Servers that use IPv6 must include the iproute2 package. This package adds the ip and ss tools, which you can use with IPv4 and IPv6.

IPv6 firewall configuration

Run the /usr/local/cpanel/scripts/ configure_rh_ipv6_firewall_for_cpanel script to set up your IPv6 firewall.

Warning
titleImportant:
If you use IPv6, the service network restart command removes the IPv6 addresses that cPanel & WHM added from the network device. You must run the /scripts/restartsrv_cpipv6 command after you restart the network service, in order to ensure that the system adds those addresses again.

IPv4 and IPv6 address retention and volume adjustments

When you enable IPv6, each account retains ownership of its IPv4 address and the original IPv4 address remains fully functional in the WHM interface. If you assign an IPv6 address to an account, you essentially double the number of IP addresses that you assigned to that account.

The IPv6 RFCs allow a large number of IP addresses on each server. However, the system's available resources limit the Linux kernel, userland tools, and daemons, and they cannot handle large assignments of IP addresses. You can bind up to 512 IP addresses (both IPv4 and IPv6 addresses) to a server before the server overloads.

  • If you use 512 or fewer IP addresses, use the BIND nameserver. The BIND nameserver binds to all IP addresses on a server and does not create excessive entries in the /etc/named.conf file.

    Warning
    titleWarning:

    We strongly recommend that you use BIND if you assign more than 512 IPv6 addresses, or if you require cached nameservers.


  • If you use 2,000 or more IP addresses, you may need to adjust the sysctl value in the /proc/sys/net/ipv6/route/max_size file. 

    • This value defaults to 4096.

    • To increase this number, run the sysctl net.ipv6.route.max_size=VALUE command, where VALUE represents the new maximum value.

IPv6 and Apache

When you use IPv6 on a server, the system sets the Listen directive to Listen[::]:80, which listens on all IPv6 addresses on the server. Apache sets a NameVirtualHost directive, and then adds the IPv6 address for a domain to the VirtualHost directives for each domain. The virtual hosts change from VirtualHost IPv4 address:port to VirtualHost IPv4 address [IPv6 address]:port.

For example:

Code Block
languagebash
linenumberstrue
<VirtualHost 12.34.54.67:80 [2001:db8:28a0:2004:227:eff:fe1d:f770]:80>
 ServerName: dorothy1.net
 ServerAlias www.dorothy1.net
 ...etc...
</VirtualHost>


Note
titleNote:

For more information about the Apache configuration, read our Apache documentation.

IPv6 and DNS

When you assign an IPv6 address to an account on your server, your DNS zone files retain the account's IPv4 address, but the system adds an IPv6 AAAA entry to the DNS zone file. For example:

Code Block
languagebash
example.com IN AAAA 2001:db8:28a0:2004:227:eff:fe1d:f770 

MyDNS and NSD both support up to 512 IP addresses. This is sufficient for a VPS with limited IP addresses.

Note
titleNotes:
  • Currently, BIND is the only daemon that fully supports IPv6.
  • For more information, read our Zone Editor documentation.

Userdata files

Userdata files list the current IPv4 address for each account on the server.

  • When you enable IPv6, the system also includes IPv6 addresses in this file.
  • When you enable IPv6 for an account, all of the account's users, resellers, subdomains, and addon domains share the same IPv6 address.

The system uses the /etc/cpanel/ipv6/range_allocation_data file to configure the /var/cpanel/userdata files.


Additional documentation

Localtab Group


Localtab
activetrue
titleSuggested documentation

Content by Label
showLabelsfalse
max5
showSpacefalse
cqllabel = "ipv6" and label = "whm" and space = currentSpace()


Localtab
titleFor cPanel users

Content by Label
showLabelsfalse
max5
showSpacefalse
cqllabel = "ipv6" and label = "cpanel" and space = currentSpace()


Localtab
titleFor WHM users

Content by Label
showLabelsfalse
max5
showSpacefalse
cqllabel = "ipv6" and label = "whm" and space in (currentSpace(),"CKB")


Localtab
titleFor developers

Content by Label
showLabelsfalse
max5
showSpacefalse
cqllabel = "ipv6" and space = "DD"