Page tree
Skip to end of metadata
Go to start of metadata

Overview

This document details the specifics of cPanel & WHM's IPv6 support. This includes information about the cPanel & WHM's IPv6-supported services, the changes that occur when you add IPv6, and IPv6-related command line tools and utilities.

Warning:

If you disable IPv6 on your server at the kernel level, do not remove (or blacklist) the kernel modules.

  • To disable IPv6 on your server, run the following command:

    echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6
  • If you remove the kernel modules, your operating system will generate warnings in cPanel & WHM, may prevent account creation, and may cause service failures.

Command-line tools and utilities

IPv6 requires new command-line tools and scripts that IPv4-only servers do not require.

The iproute2 package

Traditionally, IPv4 tools (for example, ifconfig and netstat) used the net-tools package. Servers that use IPv6 must include the iproute2 package. This package adds the ip and ss tools, which you can use with IPv4 and IPv6.

IPv6 firewall configuration

Run the /usr/local/cpanel/scripts/configure_rh_ipv6_firewall_for_cpanel script to set up your IPv6 firewall.

Important:

If you use IPv6, the service network restart command removes the IPv6 addresses that cPanel & WHM added from the network device. You must run the /scripts/restartsrv_cpipv6 command after you restart the network service, in order to ensure that the system adds those addresses again.

IPv4 and IPv6 address retention and volume adjustments

When you enable IPv6, each account retains ownership of its IPv4 address and the original IPv4 address remains fully functional in the WHM interface. If you assign an IPv6 address to an account, you essentially double the number of IP addresses that you assigned to that account.

The IPv6 RFCs allow a large number of IP addresses on each server. However, the system's available resources limit the Linux kernel, userland tools, and daemons, and they cannot handle large assignments of IP addresses. You can bind up to 512 IP addresses (both IPv4 and IPv6 addresses) to a server before the server overloads.

  • If you use 512 or fewer IP addresses, use the BIND nameserver. The BIND nameserver binds to all IP addresses on a server and does not create excessive entries in the /etc/named.conf file.

    Warning:

    We strongly recommend that you use BIND if you assign more than 512 IPv6 addresses, or if you require cached nameservers.

  • If you use 2,000 or more IP addresses, you may need to adjust the sysctl value in the /proc/sys/net/ipv6/route/max_size file. 

    • This value defaults to 4096.

    • To increase this number, run the sysctl net.ipv6.route.max_size=VALUE command, where VALUE represents the new maximum value.

IPv6 and Apache

When you use IPv6 on a server, the system sets the Listen directive to Listen[::]:80, which listens on all IPv6 addresses on the server. Apache sets a NameVirtualHost directive, and then adds the IPv6 address for a domain to the VirtualHost directives for each domain. The virtual hosts change from VirtualHost IPv4 address:port to VirtualHost IPv4 address [IPv6 address]:port.

For example:

<VirtualHost 12.34.54.67:80 [2001:db8:28a0:2004:227:eff:fe1d:f770]:80>
 ServerName: dorothy1.net
 ServerAlias www.dorothy1.net
 ...etc...
</VirtualHost>

Note:

For more information about the Apache configuration, read our Apache documentation.

IPv6 and DNS

When you assign an IPv6 address to an account on your server, your DNS zone files retain the account's IPv4 address, but the system adds an IPv6 AAAA entry to the DNS zone file. For example:

example.com IN AAAA 2001:db8:28a0:2004:227:eff:fe1d:f770 

MyDNS and NSD both support up to 512 IP addresses. This is sufficient for a VPS with limited IP addresses.

Notes:

  • Currently, BIND is the only daemon that fully supports IPv6.
  • For more information, read our Advanced Zone Editor documentation.

Userdata files

Userdata files list the current IPv4 address for each account on the server.

  • When you enable IPv6, the system also includes IPv6 addresses in this file.
  • When you enable IPv6 for an account, all of the account's users, resellers, subdomains, and addon domains share the same IPv6 address.

The system uses the /etc/cpanel/ipv6/range_allocation_data file to configure the /var/cpanel/userdata files.

Additional documentation