In my quest to figure out getting IPv6 to talk to IPv4, I looked into adding nameservers to my linux VPS that use DNS64/NAT64 such as NAT64.net, but that did not seem to make much difference. I also heard of a service called Tunnelbroker through Hurricane Electric, or possibly using a VPN with IPv4 and IPv6 support and having the server talk through that.
But in my research, I discovered Cloudflare. They have a few nice services to help out with web hosting. For this article, we will be looking at their free DNS service. This resolved all of my issues with getting this IPv6 web server to talk to IPv4 clients after a bit of configuration in Cloudflare and my Linux server.
How to Configure Cloudflare DNS with Existing Domain
First off, you will want to create a free Cloudflare account. Once you finish that up, add your domain through the top-right Add Site button. During this process, it will tell you to change your nameservers to the ones they provide you with; just log into your domain’s DNS provider and configure the domain to use them. They will also auto-fill your DNS records from your old DNS provider, which is convenient.
Once you are finished up with that, go into DNS on the left to configure some records. For any domains you want to be able to talk to IPv4, you will want to keep Proxy ON. SSH does not work with Proxy on, so you will want to make a new AAAA record for the name ‘ssh’ with your server’s IPv6. Make sure to connect to your server via SSH with that domain from now on. You will still need IPv6 support for SSH.
Disabling Cloudflare’s Automatic SSL Service
Cloudflare offers a service where they can take care of your website’s SSL certificates for you. This can be nice for simpler websites since you won’t have to work with certbot and validating a certification yourself, but it ended up breaking this website using WordPress. Even with some website configuration, I could not get it working with Cloudflare’s SSL as it would not let me login to wp-admin. So you still may want to do certifications yourself.
To disable Cloudflare’s automatic SSL service, you would go to the SSL/TLS section on the left, and you should be in Overview. Select Full for SSL/TLS encryption, then your certbot certifications should be working again, or you may have to renew them. It should also unbreak your WordPress sites, which was my case. The Full setting lets you do self-signed certificates, allowing certbot certifications to function.
If your server still has trouble communicating, you may need to configure your web server’s nameservers. You may have a different way of doing it with whatever network manager your server uses, but this method worked for me on Debian. Open your /etc/resolv.conf, then add in Cloudflare’s IPv6 nameservers; erase the remaining ones:
nameserver 2606:4700:4700::1111
nameserver 2606:4700:4700::1001
After this, I ran this command to disable any installed network managers from messing with the /etc/resolv.conf and resetting your changes:
//makes file immutable
chattr +i /etc/resolv.conf
//to undo, use the same command, but with -i
To test if your nameserver settings are working, you can run this command to make sure it matches up with the newly-added nameservers:
dig example.org | grep SERVER
If it doesn’t work, try to reboot your server, then try it again.
Your websites should be working fine from there with the new configuration, and should be working with IPv4-only clients. To test this myself, I would go into network settings of the network I am using on my computer and disable IPv6, disconnect and reconnect, then open my website in my browser. A ping from an IPv4-only client would work, too.