I was wondering if there was anything wrong with enabling the IPv6 option in Vultr (when creating a server) to add an IPv6 IP to the server and then adding an A and AAA record to the DNS records in Cloudflare?
When creating a server in Vultr, there is a checkbox for assigning an IPv6 IP to the server. When I click it and create the server, and then head over to CF, can I just add an A and AAA record and everything will be just as secure as if I went with only and IPv4?
Is this a dumb move? Are there any pitfalls or negatives to doing it this way? Are there any positives to adding both an A and AAA record to Cloudflare and having both an IPv4 and IPv6 on your server?
This is exactly what you should do.
If I’m only using the instance for web traffic proxied through Cloudflare, nowadays I’ll just skip IPv4 altogether. It reduces the (non-HTTP) bot probes to near zero, and Cloudflare’s proxy provides IPv4 for web traffic even if your server doesn’t have it.
If you create both A and AAAA records for your server and orange-cloud them, Cloudflare will (last I knew) ignore the AAAA records and only connect to your server over IPV4. As far as I know, there’s no built-in failover or load-balancing, i.e. even if your server experiences an IPV4 outage, Cloudflare will just treat it as a down server and continue ignoring the AAAA records.
So for domains that I intend to always keep orange-clouded, I only create AAAA records (or a CNAME pointing to something which only has AAAA records), which forces Cloudflare to connect over IPV6.
This is applicable only the traffic leg between Cloudflare and your server. Regardless of how you do it, IPV4 and IPV6 end-users will both be able to connect.
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.