diff --git a/cmd/kube-apiserver/app/options/validation.go b/cmd/kube-apiserver/app/options/validation.go
index 38c8bce6d76..cc64a288635 100644
--- a/cmd/kube-apiserver/app/options/validation.go
+++ b/cmd/kube-apiserver/app/options/validation.go
@@ -37,9 +37,6 @@ func validateClusterIPFlags(options Extra) []error {
 	var errs []error
 	// maxCIDRBits is used to define the maximum CIDR size for the cluster ip(s)
 	maxCIDRBits := 20
-	if utilfeature.DefaultFeatureGate.Enabled(features.MultiCIDRServiceAllocator) {
-		maxCIDRBits = 64
-	}
 
 	// validate that primary has been processed by user provided values or it has been defaulted
 	if options.PrimaryServiceClusterIPRange.IP == nil {
@@ -51,10 +48,12 @@ func validateClusterIPFlags(options Extra) []error {
 		errs = append(errs, errors.New("--service-cluster-ip-range must not contain more than two entries"))
 	}
 
-	// Complete() expected to have set Primary* and Secondary*
-	// primary CIDR validation
-	if err := validateMaxCIDRRange(options.PrimaryServiceClusterIPRange, maxCIDRBits, "--service-cluster-ip-range"); err != nil {
-		errs = append(errs, err)
+	// Complete() expected to have set Primary* and Secondary
+	if !utilfeature.DefaultFeatureGate.Enabled(features.MultiCIDRServiceAllocator) {
+		// primary CIDR validation
+		if err := validateMaxCIDRRange(options.PrimaryServiceClusterIPRange, maxCIDRBits, "--service-cluster-ip-range"); err != nil {
+			errs = append(errs, err)
+		}
 	}
 
 	secondaryServiceClusterIPRangeUsed := (options.SecondaryServiceClusterIPRange.IP != nil)
@@ -72,9 +71,10 @@ func validateClusterIPFlags(options Extra) []error {
 		if !dualstack {
 			errs = append(errs, errors.New("--service-cluster-ip-range[0] and --service-cluster-ip-range[1] must be of different IP family"))
 		}
-
-		if err := validateMaxCIDRRange(options.SecondaryServiceClusterIPRange, maxCIDRBits, "--service-cluster-ip-range[1]"); err != nil {
-			errs = append(errs, err)
+		if !utilfeature.DefaultFeatureGate.Enabled(features.MultiCIDRServiceAllocator) {
+			if err := validateMaxCIDRRange(options.SecondaryServiceClusterIPRange, maxCIDRBits, "--service-cluster-ip-range[1]"); err != nil {
+				errs = append(errs, err)
+			}
 		}
 	}
 
diff --git a/cmd/kube-apiserver/app/options/validation_test.go b/cmd/kube-apiserver/app/options/validation_test.go
index f8454b0ec49..684f4e34211 100644
--- a/cmd/kube-apiserver/app/options/validation_test.go
+++ b/cmd/kube-apiserver/app/options/validation_test.go
@@ -103,8 +103,8 @@ func TestClusterServiceIPRange(t *testing.T) {
 			gate:         true,
 		},
 		{
-			name:         "service cidr IPv6 is too big despuite gate enbled",
-			expectErrors: true,
+			name:         "service cidr IPv6 is too big and gate enbled",
+			expectErrors: false,
 			options:      makeOptionsWithCIDRs("2001:db8::/12", ""),
 			gate:         true,
 		},
@@ -113,6 +113,12 @@ func TestClusterServiceIPRange(t *testing.T) {
 			expectErrors: true,
 			options:      makeOptionsWithCIDRs("10.0.0.0/16", "3000::/64"),
 		},
+		{
+			name:         "dual-stack secondary cidr too big gate enabled",
+			expectErrors: false,
+			options:      makeOptionsWithCIDRs("10.0.0.0/16", "3000::/48"),
+			gate:         true,
+		},
 		{
 			name:         "more than two entries",
 			expectErrors: true,