Please follow the below template, it will help us to help you!
_[PiHole DNS server should provide filtering for the associated network IP
Below is a long text explaining the possibilities
The attached picture helps explain my question.
And as for the OUTER circles and arcs . . .
The outer circle of the resolver status icon shows what, if any, “DNS rebinding attack protection” the corresponding nameserver provides to its querying clients.
DNS rebinding attacks utilize DNS to fool a browser’s scripting security into believing that local resources, such as the user’s own computer or router, are located in the same web domain as the script’s source. When this occurs, the browser’s “Same Origin Policy” protection is bypassed, giving scripts unrestricted access to the local resource. This allows scripts to do bad things such as change LAN router settings or access any resources and computers on the LAN. (That’s not good.)
Security conscious DNS nameservers are able to help block these attacks simply by never returning IP addresses that fall within the ranges of IP addresses commonly used with private LAN networks behind a router or the “Localhost IP” of 127.0.0.1 which computers use to refer to themselves.
GRC’s DNS Benchmark tests each nameserver to determine whether it blocks (filters) the return of these reserved private IP addresses — in both IPv4 and IPv6 formats. At the time of this feature’s release, only the OpenDNS nameservers can be configured to do this, and then only for IPv4, IPv6 versions of these queries are still able to sneak through. Since there is never any reason to return a private IP address from a public DNS request all nameservers should block the return of private IP addresses. Hopefully, more will in the future.
As shown in the nearby diagram, the outer circle is divided into four quadrants with each quadrant associated with an IP address in non-routable private networks:
- An EMPTY arc (see the 127.0.0.1 IP in the sample diagram) indicates that no filtering is provided by the nameserver for the associated network IP.
- A BLUE arc (see the 192 and 10 network IPs in the sample diagram) indicates that filtering is provided for either the IPv4 or IPv6 style address, but not both , by the nameserver for the associated network IP.
- A GREEN arc (see the 172 network IP in the sample diagram) indicates that filtering is provided for both the IPv4 or IPv6 style address by the nameserver for the associated network IP.
The best possible protection is therefore represented by a full, unbroken, green outer ring signifying that all four network IP ranges are being blocked in both IPv4 and IPv6 formats. While no nameservers are providing this protection at the time of this new feature’s release, it is our hope that, with time, many nameservers will be updated to do so. No new programming is required to provide this feature. It is simply a matter of updating the nameserver’s configuration file.]_
[PiHole DNS supplies filtering for either the IPv4 or IPv6 style address, but not both]