Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...


Daniel Nashed

Are you using IPv6? - What about Domino?

Daniel Nashed – 9 March 2024 09:44:36

IPv4 addresses are becoming a rare resource for years. But still the adoption of the next generation IPv6 protocol (which is available for ages) isn't great.
Most operating systems, routers and other infrastructure components are IPv6 ready for years.

I looked into Domino IPv6 support quite a while ago and some of my servers are dual homed. But mostly with separate DNS names mainly for testing.

There is still only one customer I know about making the switching for their Domino servers.

I looked into all the different aspects including logging in domlog.nsf and even SMTP Extension Managers a while ago and it just works the same way.

The basic setting you need to set is: notes.ini TCP_EnableIPv6=1

Domino IPv6 documentation

There are some other more specific settings available to configure IPv6 addresses in different places of Domino.

In some places IPv6 addresses need to specified with square brackets.

How far is IPv6 enablement completed?

One statistic ( says that only around 50% of 1000 websites support IPv6 beginning of 2024.
Also Google's statistics should a similar adoption rate in more general:

Additional resources

The Internet Society website has an interesting IPv6 section with more details.

How are you using IPv6 today?

Some providers increased their prices for IPv4 addressed. And for some test servers I might switch completely to IPv6.

I would be interested to hear from you, how much you adopted IPv6 on client and server side.

Did you face any specific challenges when trying to make the move?

Specially for Domino and related products.

-- Daniel

Image:Are you using IPv6?  - What about Domino?


1Thomas Bahn  09.03.2024 11:24:06  Are you using IPv6? - What about Domino?

Do you speak of IPv6 for the servers "on the edge" (in the DMZ) available for public, customers, business partners OR (all) internal servers?

For internal servers I don't see great benefits in moving to IPv6.

For external servers: If one has enough IPv4 addresses for the use-cases a company has, with IPv6 you'd add at least some complexity. What are the benefits you see in this case?

You'd probably won't need a reverse proxy, but for the added security a reverse proxy might still be a good idea.

With one service/machine having possibly mutliple IPv6 addresses, the admins have to learn quite a bit to have at least the same security as today.

2Daniel Nashed  10.03.2024 15:21:04  Are you using IPv6? - What about Domino?

Hi Thomas,

I am looking for general feedback, if customers and partners are looking into it.

If everyone thinks they should look into it because they "have sufficient IP addresses for their use case" there is no move in IPv6, which finally gets more and more important.

In internal corporate networks it is quite some effort to start with coexistence and to finally move.

I spent the whole weekend looking into IPv6 and I can see why customers are not deploying it.

It's more complex and brings new challenges.

Having end to end routing with public IPs from a machine to the internet isn't a good idea. We still need internal networks is a private range.

As you say the network connection still needs to be terminated in a DMZ.

I added a private range to my network and added static IPs to my most important internal hosts.

My external network is connected to a Fritzbox, which already has full IPv6 support without much extra setup.

So my stack in the public network already had a dual stack.

I just introduced IPv6 in my internal network. I installed a new Alpine VM with Squid and an IPv6 address.

In addition I made this server a IPv6 enabled SSH Jumphost.

Definitively IPv6 isn't just a flip to turn on. I enabled some of my servers to speak IPv6 end to end including Domino NRPC and internet protocols.

Also I looked into some of my OpenSSL C/C++ based applications, which seem to work well with some minor tweaks.

If we don't start looking into this technology, we will not get it moved.

And it looks like it is time to adopt it. Not just for internet hosts.

When conntect my iPhone to my external WLAN hosted by my Fritzbox, I am getting IPv6 automatically.

3Fredrik Norling  11.03.2024 5:06:33  Are you using IPv6? - What about Domino?

Can you run ipv6 and ipv4 at the sametime on the Domino server or is it only one of them?

I remember I tried enabling it years ago but then I had some connectivity issues from ipv4 after enabling it. It could have been som config mistake by me.

4Daniel Nashed  11.03.2024 6:25:48  Are you using IPv6? - What about Domino?

Hi Frederik,

Once you enable IPv6 the server continues to use IPv4 by default unless you disable it.

But there are some special configurations if you bind the IP (which is always a bit more complex to setup).

Here is the help page describing the different options:

I would recommend to not bind IPs, which does not require to add another port nor adding any other notes.ini setting beside enabling IPv6.

-- Daniel

5Christian Brandlehner  11.03.2024 9:06:07  Are you using IPv6? - What about Domino?

I have been using IPv6 for years for Domino NRPC and HTTPS.

One reason is that native IPv6 is faster than CGNAT-IPv4.

6Chris Hudson  13.03.2024 6:59:57  Are you using IPv6? - What about Domino?

We setup IPv6 on all of our frontend webservers back in 2012 when they were directly exposed to the web.

But we changed our gateway architecture back in about 2016 and now we don't have any directly exposed servers and they all run with private IPv4 addresses behind a load balancer which has the public address.

I don't recall any particular issues with setting up dual IPv4/IPv6 addresses for Domino. We had separate IP addresses defined for the host os and for Domino

We used static IPv4 and static IPv6 addresses for all servers and we used two TCPIP_<port>_TCPIPAddress Notes.ini settings to let Domino know to listen on both the IPv4 and IPv6 addresses.



    • [HCL Domino]
    • [Domino on Linux]
    • [Nash!Com]
    • [Daniel Nashed]