You can try a debug run pihole -d and post the token for us to look over but we don't log to that file. Everything is set up with logrotate for the log files that we do generate.
Edit: Sorry, missed the token in the original post.
Sep 15 12:12:55 PiHole dnsmasq[628]: forwarded lb._dns-sd._udp.localdomain to 10.0.1.1
Sep 15 12:12:55 PiHole dnsmasq[628]: query[TXT] _aaplcache2._tcp.localdomain from 10.0.1.1
Sep 15 12:12:55 PiHole dnsmasq[628]: forwarded _aaplcache2._tcp.localdomain to 10.0.1.1
Sep 15 12:12:55 PiHole dnsmasq[628]: query[TXT] _aaplcache3._tcp.localdomain from 10.0.1.1
Sep 15 12:12:55 PiHole dnsmasq[628]: forwarded _aaplcache3._tcp.localdomain to 10.0.1.1
Sep 15 12:12:55 PiHole dnsmasq[628]: query[TXT] _aaplcache._tcp.localdomain from 10.0.1.1
Sep 15 12:12:55 PiHole dnsmasq[628]: forwarded _aaplcache._tcp.localdomain to 10.0.1.1
Sep 15 12:12:55 PiHole dnsmasq[628]: query[PTR] lb._dns-sd._udp.localdomain from 10.0.1.1
Sep 15 12:12:55 PiHole dnsmasq[628]: forwarded lb._dns-sd._udp.localdomain to 10.0.1.1
Sep 15 12:12:55 PiHole dnsmasq[628]: query[PTR] lb._dns-sd._udp.0.1.0.10.in-addr.arpa from 10.0.1.1
Sep 15 12:12:55 PiHole dnsmasq[628]: forwarded lb._dns-sd._udp.0.1.0.10.in-addr.arpa to 10.0.1.1
Sep 15 12:12:55 PiHole dnsmasq[628]: query[PTR] lb._dns-sd._udp.0.1.0.10.in-addr.arpa from 10.0.1.1
Sep 15 12:12:55 PiHole dnsmasq[628]: forwarded lb._dns-sd._udp.0.1.0.10.in-addr.arpa to 10.0.1.1
Sep 15 12:12:55 PiHole dnsmasq[628]: query[TXT] _aaplcache2._tcp.localdomain from 10.0.1.1
Sep 15 12:12:55 PiHole dnsmasq[628]: forwarded _aaplcache2._tcp.localdomain to 10.0.1.1
Sep 15 12:12:55 PiHole dnsmasq[628]: query[PTR] lb._dns-sd._udp.localdomain from 10.0.1.1
Sep 15 12:12:55 PiHole dnsmasq[628]: forwarded lb._dns-sd._udp.localdomain to 10.0.1.1
Sep 15 12:12:55 PiHole dnsmasq[628]: query[PTR] lb._dns-sd._udp.0.1.0.10.in-addr.arpa from 10.0.1.1
Following is from pihole.log
Sep 15 12:25:48 dnsmasq[1845]: query[AAAA] s3-a.dualstack.eu-west-1.amazonaws. com from 10.0.1.120
Sep 15 12:25:48 dnsmasq[1845]: forwarded s3-a.dualstack.eu-west-1.amazonaws. com to 127.0.0.1
Sep 15 12:25:48 dnsmasq[1845]: query[A] s3-a.dualstack.eu-west-1.amazonaws. com from 10.0.1.120
Sep 15 12:25:48 dnsmasq[1845]: forwarded s3-a.dualstack.eu-west-1.amazonaws. com to 127.0.0.1
Sep 15 12:25:48 dnsmasq[1845]: reply s3-a.dualstack.eu-west-1.amazonaws. com is 2a05:d050:8020:7c9:34da:2558::
Sep 15 12:25:48 dnsmasq[1845]: reply s3-a.dualstack.eu-west-1.amazonaws. com is 52.218.105.42
Sep 15 12:25:52 dnsmasq[1845]: query[A] czfe147-front01-iad01.transport.home.nest. com from 10.0.1.25
Sep 15 12:25:52 dnsmasq[1845]: forwarded czfe147-front01-iad01.transport.home.nest. com to 127.0.0.1
Sep 15 12:25:52 dnsmasq[1845]: query[A] czfe147-front01-iad01.transport.home.nest. com from 10.0.1.1
Sep 15 12:25:52 dnsmasq[1845]: forwarded czfe147-front01-iad01.transport.home.nest. com to 127.0.0.1
Sep 15 12:25:52 dnsmasq[1845]: query[A] czfe147-front01-iad01.transport.home.nest. com from 10.0.1.1
Sep 15 12:25:52 dnsmasq[1845]: forwarded czfe147-front01-iad01.transport.home.nest. com to 127.0.0.1
Sep 15 12:25:52 dnsmasq[1845]: reply czfe147-front01-iad01.transport.home.nest. com is
Sep 15 12:25:52 dnsmasq[1845]: reply ec2-3-83-184-159.compute-1.amazonaws. com is 3.83.184.159
Sep 15 12:25:52 dnsmasq[1845]: reply czfe147-front01-iad01.transport.home.nest. com is
Sep 15 12:25:52 dnsmasq[1845]: reply ec2-3-83-184-159.compute-1.amazonaws. com is 3.83.184.159
Sep 15 12:25:52 dnsmasq[1845]: reply czfe147-front01-iad01.transport.home.nest. com is
Sep 15 12:25:52 dnsmasq[1845]: reply ec2-3-83-184-159.compute-1.amazonaws. com is 3.83.184.159
Sep 15 12:25:53 dnsmasq[1845]: query[AAAA] gateway.fe.apple-dns.net from 10.0.1.120
I don't know if it helps, but I ran pihole -r and one of the messages was -
[i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!
Finally here is a screenshot showing the various sizes - 72 hrs after I cleared both daemon.log and pihole.log
Look in /etc and /etc/dnsmasq.d folder and subfolders for a configuration file that is doing this.
File /etc/dnsmasq.conf with a standard Pi-Hole install should read as follows:
conf-dir=/etc/dnsmasq.d
In the referenced folder, 01-pihole.conf is the file installed by Pi-Hole. There may be others installed either by your or by other software.
cat README
# All files in this directory will be read by dnsmasq as
# configuration files, except if their names end in
# ".dpkg-dist",".dpkg-old" or ".dpkg-new"
#
# This can be changed by editing /etc/default/dnsmasq
cat 01-pihole.conf
# Pi-hole: A black hole for Internet advertisements
# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
# Network-wide ad blocking via your own hardware.
#
# Dnsmasq config for Pi-hole's FTLDNS
#
# This file is copyright under the latest version of the EUPL.
# Please see LICENSE file for your rights under this license.
###############################################################################
# FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE. #
# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
# #
# IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN: #
# /etc/pihole/setupVars.conf #
# #
# ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE #
# WITHIN /etc/dnsmasq.d/yourname.conf #
###############################################################################
addn-hosts=/etc/pihole/gravity.list
addn-hosts=/etc/pihole/black.list
addn-hosts=/etc/pihole/local.list
localise-queries
no-resolv
cache-size=10000
log-queries
log-facility=/var/log/pihole.log
local-ttl=2
log-async
# If a DHCP client claims that its name is "wpad", ignore that.
# This fixes a security hole. see CERT Vulnerability VU#598349
dhcp-name-match=set:wpad-ignore,wpad
dhcp-ignore-names=tag:wpad-ignore
server=127.0.0.1#5353
domain-needed
bogus-priv
interface=enxb827ebf04a90