2

I have a web server with a public IPv4 address. For this IPv4 address, I have a DNS A record for "domainA.com". Since more IPv4 addresses cost money at my hosting company, I am thinking about using a free IPv6 address to host another website on this server.

(I need a different IP because I want to use SSL Certificates. Apache is not able to distinguish between the domain names on a single IP, when the browser of the client don't use SNI, so there are certificate errors)

If I use a IPv6 DNS provider to map my domain "domainB.com" to the IPv6 address with an AAAA Record, are IPv4-only clients able to reach the Website? And if they are not able, is there any service or similar to make this possible?

chicks
  • 3,793
  • 10
  • 27
  • 36
chwzr
  • 43
  • 1
  • 6
  • People with certificate problems should update their browsers. SNI is widely supported these days and also works with IPv6, so there's also no need to assign lots of IPv6 addresses to a single machine. – Bachsau Jul 03 '20 at 18:30

2 Answers2

1

No, IPv4 only clients cannot reach an IPv6 only website.

However, most (if not all) browsers today support SNI so it should really not be an issue using SNI unless you are supporting legacy equipment.

You could probably use a service such as Cloudflare to proxy the requests to you, but I am not sure whether or not it actually can translate between IPv4 and IPv6 but I guess so.

But they are probably also using SNI, so you would run into the same issue there.

Frederik
  • 3,359
  • 3
  • 32
  • 46
  • 1
    i have found the cloudflare free ipv4 to ipv6 service..:https://blog.cloudflare.com/introducing-cloudflares-automatic-ipv6-gatewa/ thanks for your answer :) – chwzr Apr 29 '17 at 20:25
  • @chwzr That link sounds like the opposite of what the question is asking for. – kasperd Apr 29 '17 at 23:51
  • In the linked Page is a grafic which Shows that they enable a v6only Server to every User if he uses V4 or V6 they will Connect him :) – chwzr Apr 30 '17 at 00:09
  • @chwzr Right, that does suggest they have an implementation which works both ways. They focus a lot more on them providing IPv6 for domains which currently exist only on IPv4. The page does not have many implementation details, in particular I don't see anything on that page saying whether it will work for clients without SNI support. It is quite likely that they will give you a solution which requires SNI support on the client, unless you pay extra for a dedicated IP address. – kasperd Apr 30 '17 at 01:03
  • 1
    Ive tested it with an Browser which i modified to disable SNI and have only ipv4 and with cloudflare its working. If i disable cloudflare it Shows a certificate error (the certificate of the ipv4 Host is loaded and the Domain dont Matches). So i can confirm that cloudflare make this possible even without SNI, but only if both Sites are cloudflare enabled(i think they must inject a SNI to distinguish the different hosts) – chwzr Apr 30 '17 at 08:08
  • @chwzr All browsers from the last 10 years or more support SNI. It's not even worth attempting to support anything that doesn't; such things don't really belong on the Internet anymore and haven't for a long time. – Michael Hampton Jan 30 '18 at 01:22
0

Can you switch to nginx? It doesn't have any problems whatsoever handling multiple domains with SSL on a single IP address. The nginx auto-config option in letsencrypt free SSL certificate system works very well, making the process practically painless.

geekbrit
  • 101
  • 1