IPV6 seen on IPV4 only site


we see ipv6

[HTTP_CF_CONNECTING_IP] => 2a01:cb22:90f:c00:359c:2edd:6d2b:a360
[HTTP_CDN_LOOP] => Cloudflare
[HTTP_CF_RAY] => 71450094ad809cd0-JNB

but this zone is IPV4 only

i dont understand how this is possible ?

any ideas

Did you mean, you disabled the IPv6 compatibility via the dashboard (under Network section)?

When you orange-cloud a DNS entry of any type (A, AAAA, CNAME), Cloudflare will (by default) always create both IPV4 (A) and IPV6 (AAAA) DNS entries for that DNS name pointing to Cloudflare’s IP addresses. So regardless of whether the origin server is IPV4-only, IPV6-only, or both, both IPV4 people and IPV6 people will be able to connect. The connection from Cloudflare to your origin will still be dictated by whether you created it as an A record or an AAAA record (or if it’s a CNAME, whether it points to an A or AAAA record), and if you create both A and AAAA records, Cloudflare will prefer to connect to your origin via IPV4.

There is an “IPv6 Compatibility” toggle setting in the dashboard however you can’t turn it off via the Dashboard, per the note “At Cloudflare we believe in being good to the Internet and good to our customers. By moving on from the legacy world of IPv4-only to the modern-day world where IPv4 and IPv6 are treated equally, we believe we are doing exactly that. In the Cloudflare dashboard, IPv6 is no longer something you can toggle on and off, it’s always just on.”

It might be possible to turn it off via the API, but you should think carefully before doing so. Do you really not want IPV6 people accessing your site? For now, almost all IPV6 people still have IPV4 but that won’t always be the case. I occasionally switch my home network to IPV6-only for a day, and I observe which websites / services work and which ones don’t, and I feel sad about the ones that don’t work.

Basically they’re giving you free IPV6 connectivity without you even having to do anything to set it up.

It goes they other way too, they also enable IPV4 visitors to access IPV6-only origins (as long as they’re orange-clouded, obviously). Which means if you want to run an IPV6-only website for the lulz you can’t orange-cloud it.

1 Like

yes exactly i disabled ipv6 and i have no ipv6 AAAA record on the zone .
it just magicaly appear in HTTP_CF_CONNECTING_IP but it have no sense to me.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.