Query Logging: Ignore certain domains or regex entries #1390

Open
gspannu opened this issue Mar 5, 2024 · 2 comments
Labels
🔨 enhancement New feature or request
gspannu commented Mar 5, 2024

I have an OPNsense router and Blocky running on a Debian machine separately.
I have a lot of Apple devices that seem to generate a lot (hundreds!) of queries like:

b._dns-sd._udp.0.1.168.192.in-addr.arpa
lb._dns-sd._udp.home
db._dns-sd._udp.home

It is basically conditional forwarding that causes these excessive queries, and is a well-known/well-documented issue appearing on both PiHole and AdGuard Home. Many articles on the internet.

While I understand that the source of these queries is Apple devices, and Blocky cannot do much with these... However, can these queries be omitted from the query log?

Both Pi-Hole and AGH have implemented a feature that certain domain names are not included in the query log or statistics.


Could we have a config section within queryLog where certain domain names/regex entries can be defined, and these will be ignored rather than sent to the query log?

Something like:

queryLog:
  type: postgresql
  target: postgres://user:password@<ipaddr>:5432/db_name
  logRetentionDays: 7
  ignoredomains:
    # entries are quoted so that a leading * is not parsed as a YAML alias
    - '*._dns-sd._udp.home'
    - '*.apple.com'
    - '/^.*p\.(([0-9]{1,3}\.){4})in-addr\.arpa$/'
    - '/^banners?[_.-]/'

It is basically conditional/ lookup forwarding that causes these excessive queries. If I disable the below then these queries stop, but unfortunately so does client name lookup. I want the query log to report Client_name and it only works if lookup forwarding is enabled.

My config.yml

clientLookup:
  upstream: 192.168.1.1:53535  #Address of Router running dnsmasq
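
One way the ignore list proposed above could be evaluated, added here as an example; it is not Blocky's code and not part of the original issue. The `ignoredomains` key is the poster's proposal, and `compileIgnoreList`, `shouldLog` and the wildcard semantics (subdomains only, the zone itself is still logged) are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// compileIgnoreList (hypothetical helper) turns entries in the syntax proposed
// in the issue into regexps: "/.../" is used as written, "*.zone" matches any
// subdomain of zone (assumed: not zone itself), anything else is an exact name.
func compileIgnoreList(entries []string) ([]*regexp.Regexp, error) {
	var rules []*regexp.Regexp
	for _, e := range entries {
		e = strings.TrimSpace(e)
		pattern := `^` + regexp.QuoteMeta(strings.ToLower(e)) + `$`
		if len(e) > 2 && strings.HasPrefix(e, "/") && strings.HasSuffix(e, "/") {
			pattern = e[1 : len(e)-1]
		} else if strings.HasPrefix(e, "*.") {
			pattern = `^.+` + regexp.QuoteMeta(strings.ToLower(e[1:])) + `$`
		}
		re, err := regexp.Compile(pattern)
		if err != nil {
			return nil, fmt.Errorf("ignore entry %q: %w", e, err)
		}
		rules = append(rules, re)
	}
	return rules, nil
}

// shouldLog reports whether a query name would still reach the query log.
func shouldLog(rules []*regexp.Regexp, qname string) bool {
	name := strings.TrimSuffix(strings.ToLower(qname), ".")
	for _, re := range rules {
		if re.MatchString(name) {
			return false
		}
	}
	return true
}

func main() {
	// Entries as proposed in the issue; the query names are constructed samples.
	rules, err := compileIgnoreList([]string{"*._dns-sd._udp.home", `/^banners?[_.-]/`})
	if err != nil {
		panic(err)
	}
	fmt.Println(shouldLog(rules, "lb._dns-sd._udp.home."), shouldLog(rules, "example.org."))
}
```

Anchoring the wildcard at a label boundary keeps a look-alike such as `notapple.com` in the log when `*.apple.com` is ignored. An entry like `/^banners?[_.-]/` has no end anchor, so it hides every name that starts that way, whatever zone it belongs to.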

@kwitsch kwitsch added the 🔨 enhancement New feature or request label Mar 31, 2024
kwitsch (Collaborator) commented Mar 31, 2024

I think requests that are blocked through the SUDN resolver (prevents sending special use domain requests upstream) should get an option to disable logging for requests blocked by it.
This would make entries 1 and 3 obsolete.
SUDN blocks are excessive most of the time, so disabling logs for such requests is beneficial for most users.

ThinkChaos (Collaborator) commented

I made a PR (link just above) with an option for ignoring just the SUDN responses :)

I think a more powerful system could be useful, so we can keep this open, though I don't plan on working on that ATM.
