Why does IPv6 matter specifically in 2026?

Three reasons, each one real: - **IPv4 exhaustion.** The global pool of IPv4 addresses started running out in 2011 (IANA), in Europe (RIPE) in 2019. There are no new ones. Every IPv4 address handed to a new cloud customer means someone else lost one. - **IPv4 pricing in the cloud.** Since February 2024 **AWS charges 0.005 USD/hour for every public IPv4** (~3.6 USD per month per address). At 100 instances that is 360 USD/month, two times more than the year before. - **IPv6-only networks.** More and more mobile carriers (Reliance Jio in India, T-Mobile USA, some European operators) hand out **IPv6-only** addresses to subscribers. If your site is A-only with no AAAA, their phones reach you through **NAT64/DNS64** - an extra translation hop, higher latency, occasional broken Referer headers. In 2026 the picture is simple: **no IPv6 = performance handicap plus risk of losing users**.

How does IPv6 differ from IPv4?

**IPv4** is the old address system: four decimal numbers separated by dots, e.g. `93.184.215.14`. Total of **2^32 ≈ 4.3 billion** possible addresses. Fewer than the number of devices connected to the internet today. **IPv6** is the new system: eight groups of four hexadecimal characters separated by colons, e.g. `2606:4700:4700::1111`. Total of **2^128** possible addresses, **more than the number of atoms in the visible universe**. Enough forever. Practical differences: IPv6 has **built-in security (IPsec)**, a cleaner header, no NAT (every device gets a real public address) and often **lower latency** because there is no carrier-grade NAT in the middle.

I only have A, no AAAA. How do I add AAAA to my domain?

Step by step: 1. **Ask your hosting provider** for an **IPv6 address for the server**. If they say "we do not have one", switch providers (every serious host in 2026 has IPv6: Hetzner, OVH, AWS, GCP, Azure, DigitalOcean, Linode). 2. From your DNS control panel (Cloudflare, Route 53, registrar UI) **add an AAAA record** with that address for `@` (the apex) and `www`. 3. Save, wait **5 minutes**, type the domain into this test. You should jump by **40+10 = 50 points**. 4. If you run a **VPS**, check that **nginx/Apache listens on `[::]:443`** (not just `0.0.0.0:443`). Without that, AAAA is in DNS but the server itself does not answer. 5. **Firewall**: ufw, iptables, Hetzner Cloud Firewall - each has separate rules for IPv6. Open ports 80 and 443 for `tcp v6`. The whole thing takes **15-30 minutes** if you know what you are doing.

Why is MX over IPv6 so rare? Most companies score 0 here.

**Because mail is conservative.** Most anti-spam techniques (RBLs, reputation lists) are built **around IPv4 addresses**. Mail providers (Google Workspace, Microsoft 365, ProtonMail) are **afraid to enable MX over IPv6** because that would force them to maintain two parallel reputation tables, two SPF rule sets, and accept the risk that their v6 mail lands in spam since nobody has v6 reputation yet. Second reason: **many spam filters reject mail from IPv6 without DKIM and SPF**, and SPF does not always cover IPv6 (the `ip6:` mechanism is a separate parser branch). As a result, providers ship AAAA only for **outbound** delivery and keep MX as **A only**. If your MX scores 0, that is the **norm** in 2026. Do not panic.

What if my provider (ISP, hosting) does not have IPv6 yet?

**Switch providers** or insert a proxy layer. **Cloudflare** has a free **proxy mode** (orange cloud) - enable the free plan, point your domain at their nameservers, and you automatically get AAAA without touching your host. **Your site becomes dual-stack overnight.** Alternatives: **Bunny CDN**, **Fastly**, **AWS CloudFront**. Second route: **Hurricane Electric IPv6 tunnels** (he.net, free, running for 20+ years) - they add IPv6 to your existing server even if the provider does not have it. But for production, prefer native IPv6 from a serious provider.

What is "dual-stack" and is it better than IPv6-only?

**Dual-stack** = **the server has both an IPv4 and an IPv6 address at the same time**. Both old devices (IPv4-only) and new devices (IPv6-only) can reach it. In 2026 this is the **gold standard**: maximum reach, no risk of cutting anyone off. **IPv6-only** = only a v6 address, no v4. That is an aggressive setup - it saves money (no IPv4 fee in the cloud) but it **excludes older users**. Large internal networks (Facebook reportedly runs IPv6-only inside the datacenter) go this way, but for a **public web site** it is too early. **Target for a typical business**: dual-stack, grade **A** in this test.

I have a good score (B/A) but www returns 0. What is happening?

Your **apex (`example.com`) has AAAA**, but the **subdomain `www.example.com` does not**. Common case: the admin added AAAA only for the bare domain and forgot www, or www is a **CNAME** pointing at something that itself has no AAAA. **Fix**: in your DNS panel add an AAAA record for `www` (same address as for `@`), or make sure the CNAME target has AAAA. **Bonus gotcha**: some setups rely on an **HTTP redirect** `www -> apex`. The server eventually sees the request, but **the first DNS lookup** from an IPv6-only user returns nothing, so the redirect never happens. Better to keep AAAA on both names.

Why does the test say my site does not answer over IPv6 even though it has AAAA?

Because **the address is in DNS but the daemon does not actually listen on it**. Four typical causes: (1) **Nginx/Apache listens only on IPv4** (`listen 443 ssl;` instead of `listen [::]:443 ssl;`). (2) **Firewall blocks IPv6** (iptables has a separate `ip6tables` ruleset, ufw has separate v6 rules). (3) **The IPv6 in DNS is stale and points at nothing** (you replaced the server but only updated A). (4) **The hosting load balancer has no IPv6** - you copied the address from a panel but it actually belongs to a **legacy v4-only LB**. Diagnose with `curl -6 -v https://yourdomain.com` from any machine with v6. If it errors, the **server is the problem**, not this tool.

Does this tool store data about my domain?

**No.** Your domain hits our server, we ask the **public Cloudflare DoH (1.1.1.1)** for four DNS records, we open **one TLS connection** over IPv6 to your server (only if it has AAAA), then we are done. **Nothing is persisted**: not the domain, not your IP (other than a short-lived 30-per-hour counter in process memory that clears itself every 60 minutes). No database, no disk logs, no profiling. A server restart wipes even the counter.

IPv6 Readiness Check - free

What IPv6 readiness means and why you should care

IPv6 is the new version of internet addresses. The old one, IPv4, only has about 4 billion possible addresses and we already ran out. Every new device at home, every phone on a mobile network, every server in a modern cloud data center now gets an IPv6 address. Your domain should have one too.

This tool takes your domain and runs five tests: asks DNS for an AAAA record (the IPv6 address) of the apex, of www, of your mail servers (MX), of your nameservers (NS), and finally opens an actual TLS connection to your server over IPv6 to check that it answers. Each test contributes between 0 and 40 points. Everything adds up to a single 0 to 100 score and an A to F letter grade.

Why care in 2026? Because mobile carriers in many countries hand out IPv6-only addresses to new customers (T-Mobile US, Reliance Jio, parts of Orange and Vodafone). Because AWS and Google Cloud now charge extra for every IPv4 address. Because websites without IPv6 are simply slower for IPv6-only users (they must pass through a NAT64 translator). And because you want your site reachable for everybody, not just for half of the internet.

How to use it

Type a domain: just the bare name, no `https://`, no path. A subdomain works too (`blog.brand.com`), but the most meaningful score is the apex people type into the browser.
Click "Check". The test takes 2 to 8 seconds: we query DNS for five things and open one real TLS connection over IPv6.
Read the big number at the top - that is the sum of points from the five components. A is 85 or higher, F is under 30. Many domains in 2026 still sit in the C-D range.
Below the score you get 5 cards, one per test. Each says passed (green), failed (red) or partial (amber), how many points it gave, and what exactly happened.
Click "Details" to expand the raw evidence: which IPv6 addresses were found, which MX targets have AAAA, which TLS protocol came back on the handshake. Copy-paste straight to your sysadmin.
If you get 0 or a very low score, this is not a bug. It means your hosting / DNS / mail are still IPv4-only. Talk to your hosting provider about dual-stack.
Compare different domains: `cloudflare.com` (always A), `google.com` (always A), `example.com` (varies), your own. That comparison alone shows the scale of the gap.

When this is useful

Seven concrete situations where this tool gives you a usable answer instead of a vague feeling:

Corporate domain audit before a migration. A client asks "will our new site work for an IPv6-only carrier?". You type the domain, you get an A = yes, F = no. The letter grade ends the conversation without you having to explain what AAAA is.
Holding your hosting provider accountable. They advertise "full IPv6 support" and you measure an F. You paste the report and demand they enable AAAA on the apex and www. Direct evidence, no debate.
Competitive check. Type a competitor's domain into the field. You see they are A. You bring that back to your team: "they already have it, we do not". Much easier sell internally.
Mail migration to a new host. You are moving mailboxes. The test shows whether MX over IPv6 works - that matters because big senders (Gmail, Office 365) are starting to send from IPv6, and dual-stack MX cuts delivery friction.
Pre-launch DNS audit. Before you flip the domain live, you check that NS records have AAAA. Without that, an IPv6-only resolver cannot even resolve your DNS before falling back.
Pressure on cheap registrars. Some budget registrars hand out NS hosts without AAAA - this test surfaces that (the "NS IPv6" component returns 0). A solid argument to switch registrar or move DNS to Cloudflare / Route 53 / Bunny DNS.
Post-change verification. You just flipped on AAAA in the Cloudflare dashboard. Five minutes later you type your domain here, you see the score jump from 0 to 40+. Concrete proof the change took effect.

Related: DNS Lookup (see every DNS record, not just AAAA), Email DNS Checker (audit SPF/DKIM/DMARC for mail), SSL Certificate Inspector (inspect your certificate chain over TLS).

Questions and answers

IPv6 readiness is the degree to which your domain and the services around it are reachable over the new IPv6 protocol. It is not just whether the website has an IPv6 address (the AAAA record). It also counts whether www has AAAA, whether your mail servers (MX) have AAAA, whether your NS hosts (authoritative DNS) have AAAA, and whether the server actually answers over IPv6 (an address in DNS is worthless if the daemon does not listen on it). Full readiness = all components are dual-stack: reachable both over IPv4 and over IPv6. That is your A grade. F = pure IPv4, the path to extinction.

What IPv6 readiness means and why you should care

How to use it

Type a domain: just the bare name, no `https://`, no path. A subdomain works too (`blog.brand.com`), but the most meaningful score is the apex people type into the browser.

Click "Check". The test takes 2 to 8 seconds: we query DNS for five things and open one real TLS connection over IPv6.

Read the big number at the top - that is the sum of points from the five components. A is 85 or higher, F is under 30. Many domains in 2026 still sit in the C-D range.

Below the score you get 5 cards, one per test. Each says passed (green), failed (red) or partial (amber), how many points it gave, and what exactly happened.

Click "Details" to expand the raw evidence: which IPv6 addresses were found, which MX targets have AAAA, which TLS protocol came back on the handshake. Copy-paste straight to your sysadmin.

If you get 0 or a very low score, this is not a bug. It means your hosting / DNS / mail are still IPv4-only. Talk to your hosting provider about dual-stack.

Compare different domains: `cloudflare.com` (always A), `google.com` (always A), `example.com` (varies), your own. That comparison alone shows the scale of the gap.

When this is useful

Seven concrete situations where this tool gives you a usable answer instead of a vague feeling:

Corporate domain audit before a migration. A client asks "will our new site work for an IPv6-only carrier?". You type the domain, you get an A = yes, F = no. The letter grade ends the conversation without you having to explain what AAAA is.
Holding your hosting provider accountable. They advertise "full IPv6 support" and you measure an F. You paste the report and demand they enable AAAA on the apex and www. Direct evidence, no debate.
Competitive check. Type a competitor's domain into the field. You see they are A. You bring that back to your team: "they already have it, we do not". Much easier sell internally.
Mail migration to a new host. You are moving mailboxes. The test shows whether MX over IPv6 works - that matters because big senders (Gmail, Office 365) are starting to send from IPv6, and dual-stack MX cuts delivery friction.
Pre-launch DNS audit. Before you flip the domain live, you check that NS records have AAAA. Without that, an IPv6-only resolver cannot even resolve your DNS before falling back.
Pressure on cheap registrars. Some budget registrars hand out NS hosts without AAAA - this test surfaces that (the "NS IPv6" component returns 0). A solid argument to switch registrar or move DNS to Cloudflare / Route 53 / Bunny DNS.
Post-change verification. You just flipped on AAAA in the Cloudflare dashboard. Five minutes later you type your domain here, you see the score jump from 0 to 40+. Concrete proof the change took effect.

Related: DNS Lookup (see every DNS record, not just AAAA), Email DNS Checker (audit SPF/DKIM/DMARC for mail), SSL Certificate Inspector (inspect your certificate chain over TLS).

Questions and answers

IPv6 Readiness Check

What IPv6 readiness means and why you should care

How to use it

When this is useful

Questions and answers

Related tools

DNS Lookup

Email DNS Checker (SPF/DKIM/DMARC)

SSL Certificate Inspector

HTTP Headers Inspector

IPv6 Readiness Check

What IPv6 readiness means and why you should care

How to use it

When this is useful

Questions and answers

Related tools

DNS Lookup

Email DNS Checker (SPF/DKIM/DMARC)

SSL Certificate Inspector

HTTP Headers Inspector