diff --git a/pkg/model/components/kindnet.go b/pkg/model/components/kindnet.go
index 556c3bfe6a9f1..7b461f70873cf 100644
--- a/pkg/model/components/kindnet.go
+++ b/pkg/model/components/kindnet.go
@@ -40,19 +40,27 @@ func (b *KindnetOptionsBuilder) BuildOptions(o *kops.Cluster) error {
 		c.Version = "v1.8.0"
 	}
 
-	// Kindnet should masquerade well known ranges if kops is not doing it
-	if c.Masquerade == nil {
-		c.Masquerade = &kops.KindnetMasqueradeSpec{
-			Enabled: fi.PtrTo(true),
+	if clusterSpec.IsIPv6Only() {
+		if c.Masquerade == nil {
+			c.Masquerade = &kops.KindnetMasqueradeSpec{
+				Enabled: fi.PtrTo(false),
+			}
 		}
-		if clusterSpec.Networking.NetworkCIDR != "" {
-			c.Masquerade.NonMasqueradeCIDRs = append(c.Masquerade.NonMasqueradeCIDRs, clusterSpec.Networking.NetworkCIDR)
-		}
-		if clusterSpec.Networking.PodCIDR != "" {
-			c.Masquerade.NonMasqueradeCIDRs = append(c.Masquerade.NonMasqueradeCIDRs, clusterSpec.Networking.PodCIDR)
-		}
-		if clusterSpec.Networking.ServiceClusterIPRange != "" {
-			c.Masquerade.NonMasqueradeCIDRs = append(c.Masquerade.NonMasqueradeCIDRs, clusterSpec.Networking.ServiceClusterIPRange)
+	} else {
+		// Kindnet should masquerade well known ranges if kops is not doing it
+		if c.Masquerade == nil {
+			c.Masquerade = &kops.KindnetMasqueradeSpec{
+				Enabled: fi.PtrTo(true),
+			}
+			if clusterSpec.Networking.NetworkCIDR != "" {
+				c.Masquerade.NonMasqueradeCIDRs = append(c.Masquerade.NonMasqueradeCIDRs, clusterSpec.Networking.NetworkCIDR)
+			}
+			if clusterSpec.Networking.PodCIDR != "" {
+				c.Masquerade.NonMasqueradeCIDRs = append(c.Masquerade.NonMasqueradeCIDRs, clusterSpec.Networking.PodCIDR)
+			}
+			if clusterSpec.Networking.ServiceClusterIPRange != "" {
+				c.Masquerade.NonMasqueradeCIDRs = append(c.Masquerade.NonMasqueradeCIDRs, clusterSpec.Networking.ServiceClusterIPRange)
+			}
 		}
 	}