This document details the specifics of cPanel & WHM's IPv6 support. This includes information about the cPanel & WHM's IPv6-supported services, the changes that occur when you add IPv6, and IPv6-related command line tools and utilities.
- An IPv6 address range cannot contain a server's shared IP address. The system will not allow you to set a shared IP address that exists within any configured IPv6 address range.
- If you disable IPv6 on your server at the kernel level, do not remove (or blacklist) the kernel modules.
Command-line tools and utilities
IPv6 requires new command-line tools and scripts that IPv4-only servers do not require.
Traditionally, IPv4 tools (for example,
netstat) used the
net-tools package. Servers that use IPv6 must include the
iproute2 package. This package adds the
ss tools, which you can use with IPv4 and IPv6.
IPv6 firewall configuration
configure_rh_ipv6_firewall_for_cpanel script to set up your IPv6 firewall.
|If you use IPv6, the |
service network restart command removes the IPv6 addresses that cPanel & WHM added from the network device. You must run the
/scripts/restartsrv_cpipv6 command after you restart the network service, in order to ensure that the system adds those addresses again.
IPv4 and IPv6 address retention and volume adjustments
When you enable IPv6, each account retains ownership of its IPv4 address and the original IPv4 address remains fully functional in the WHM interface. If you assign an IPv6 address to an account, you essentially double the number of IP addresses that you assigned to that account.
The IPv6 RFCs allow a large number of IP addresses on each server. However, the system's available resources limit the Linux kernel, userland tools, and daemons, and they cannot handle large assignments of IP addresses. You can bind up to 512 IP addresses (both IPv4 and IPv6 addresses) to a server before the server overloads.
If you use 512 or fewer IP addresses, use the BIND nameserver. The BIND nameserver binds to all IP addresses on a server and does not create excessive entries in the
We strongly recommend that you use BIND if you assign more than 512 IPv6 addresses, or if you require cached nameservers.
If you use 2,000 or more IP addresses, you may need to adjust the
sysctl value in the
IPv6 and Apache
When you use IPv6 on a server, the system sets the
Listen directive to
Listen[::]:80, which listens on all IPv6 addresses on the server. Apache sets a
NameVirtualHost directive, and then adds the IPv6 address for a domain to the
VirtualHost directives for each domain. The virtual hosts change from
VirtualHost IPv4 address:port to
VirtualHost IPv4 address [IPv6 address]:port.
<VirtualHost 126.96.36.199:80 [2001:db8:28a0:2004:227:eff:fe1d:f770]:80>
IPv6 and DNS
When you assign an IPv6 address to an account on your server, your DNS zone files retain the account's IPv4 address, but the system adds an IPv6 AAAA entry to the DNS zone file. For example:
example.com IN AAAA 2001:db8:28a0:2004:227:eff:fe1d:f770
MyDNS and NSD both support up to 512 IP addresses. This is sufficient for a VPS with limited IP addresses.
- Currently, BIND is the only daemon that fully supports IPv6.
- For more information, read our Zone Editor documentation.
Userdata files list the current IPv4 address for each account on the server.
- When you enable IPv6, the system also includes IPv6 addresses in this file.
- When you enable IPv6 for an account, all of the account's users, resellers, subdomains, and addon domains share the same IPv6 address.
The system uses the
/etc/cpanel/ipv6/range_allocation_data file to configure the