I've noticed on a few of the Pi-hole discussion and support channels that people in general seem to be completely unaware that it's dangerous to have a DNS resolver open to the world on a public server, and many have done so because of the ease of setting up and using Pi-hole.
Would others agree that maybe it would be good to have a warning during installation to instruct people that it's not a good idea to open port 53 to the internet on your Pi-hole installation?
I think it is quite likely that many users do not even know if they have a port open to the Internet when they install Pi-hole on a droplet and don't have that much of experience or clue what is actually going on behind the scenes.
Hence, I doubt that a simple text message will be causing any effect in the end.
The only effective thing might be a flashy message which we can - of course - only show if an actual threat has been detected.
It's actually a rather rare occurrence, but it happens to get a lot of notice when it does occur. I can't think of any DNS server package that does display any kind of warnings when installed so my vote would be to not show any message for now, but keep the idea open for possible inclusion if the situation starts to happen more frequently.
Dont know if thats great (advertising Pi-Hole) or the fools dont know what they are doing.
For example DNS amplification attacks can be mitigated quite easily by just firewalling UDP for DNS as then the clients will fallback to TCP.
And you'll need to protect against syn-flood attacks and few others.
But makes you wonder if these people have any idea of the risks.
There is a frighteningly high rate of users that do think that others will never-ever be able to find their droplet, because first they have to know the IP address. Since many of them don't understand how IP addresses work, they assume that 126.96.36.199 is as good as any other 15 characters password and hence, they erroneously feel safe by obscurity. If they are even interested, they are shocked when you explain them how addresses work and that you can actually pretty straightforwardly probe all public IP addresses within less than a day (or even faster).
Even worse, there are also users that don't even think of any other users that might exist on Earth. They create a droplet, install Pi-hole and use the IP on all of their devices as manually configured DNS server. They don't at all have the idea of other users that might also use "their" droplet...
The list of extremely obvious mis-behavior of users that just don't know any better, but nevertheless rent (partially quite powerful) virtual machines out there is alarmingly high.
Partially, I have to say, it is also the fault of the big providers like Vultr or DigitalOcean that they do not (by default!) have a minimal firewall. I'm thinking about a simple INPUT rule that drops everything except SSH and possible other applications you already installed alongside when spinning up the droplet.
The current default behavior for fresh installs is no. 2 in your picture? Why? Simply because dozens of users encountered issues with the first option, that is that when dnsmasq comes up before the networking interfaces are ready, it fails to start altogether. I know that Raspbian recently updated dnsmasq to a version where this misbehavior is fixed, but since we officially support Debian Jessie (where we cannot be sure that a recent version of dnsmasq is available everywhere), we cannot make option 1 the default. Obviously, we don't want option 3 to be the default...
The piadvanced script I'm working on includes using iptables to create a very secure firewall. One of the things I am looking at implementing is using iptables to only answer requests for access to pihole to device on the local network, and via VPN
(53, 22, 67, 68, and the lightttpd interface)