In Settings > Privacy > DNS resolver privacy level
add additional checkboxes to select domains to log:
Log permitted domains
Log blocked domains
I don't want to be tracking all my client's traffic, I only need to see blocked queries, to whitelist them in case they break critical features.
As an administrator, I would like to be able to control the privacy settings of logs for allowed and blocked domains separately.
As specified in the docs, there are 5 levels of privacy which applies to all logging of requests.
75% - 95% of allowed logged requests are for allowed domains. For these requests I am more concerned with privacy.
For the %5 - %25 of blocked requests I am more concerned with transparency.
Currently I have to make a choice between privacy of allowed requests and transparency of blocked requests.
I propose separate privacy controls for blocked vs allowed requests.
Doesn't fulfill API/Web interface - Query Log
Show permitted domain entries
Show blocked domain entries
your needs?
Yubiuser not sure I understand what you are trying to say?
Are you saying there might be an existing feature that meets this need - if so can you be more specific about how or where to find this feature.
Are you talking about the filter options under 'Long Term Data > Query Log'?
Those allows you to filter available queries based on blocked allowed status yes, but we are talking about being able to control how much data is available for blocked vs allowed queries independently.
At the moment all queries get the same privacy treatment.
No, I'm talking about options for 'Query Log'
But your're right this are just toggles for visibility not privacy.
Ah thanks for the clarification!
Please consider changing the title for this request, as hiding permitted/blocked queries is already possible.
The request should be to not log/store permitted requests at all, while only logging/storing blocked requests.
thank you, I updated the post.
Any updates on this?
On what, specifically? The original post is over 5 years old and pre-v6 (meaning it would be worth re-assessing in terms of functionality anyway).
The new server-side long-term query processing in v6 makes it much easier to say, for example, "show me all blocked queries", which is essentially the view that the original post ends up with anyway. This can be accessed through Query Log > Advanced filtering as a starting point. It can be tweaked way more than this too.
Pi-hole sees all DNS requests made of it, by definition, and can optionally log those requests for any purpose needed. That, in and of itself, cannot be classed as "tracking" clients' traffic. Tracking, or not, comes down to how that logged data is used, and said purpose.
If it's used for maintenance and administration, as suggested here, that is no different to the OS, the apps, the router, the ISP, the sites, the services and any other entity involved in creating that traffic.
If it's used to build some sort of relational profile of the clients for some other purpose, that could be said to be tracking, but that is not a Pi-hole issue.
In both cases it's a trust and policy issue.
The original request said:
but an equally valid use of the logs is to see allowed queries to blacklist them in case they break critical features. The much-enhanced and very friendly long-term query filtering in v6 hopefully now meets all these needs.
The request was very simple. “Log blocked queries. Don't log unblocked queries.” Basically provide 2 checkboxes: one for logging blocked queries and another for logging unblocked queries. User can leave both checked or both unchecked to mimic previous behavior.
Keyword being “Log”, not “Show” or “Filter”. As in, store data/record of a DNS request by a client, only if it was in blocklist.
This way privacy of clients are maintained until they visit a site on blocklist.
Unless I'm mistaken(it feels like I am. Sry in advance), filtering stored data is complete independent feature in V6 and seems honestly unrelated to what was requested. Either way, I mentioned what I'm looking for at start of this comment as what I believe OP wanted. Let me know if I need to make a seperate post about it.
As far as log files are concerned, I'm not sure whether this would be technically feasible.
pihole-FTL/dnsmasq logs requests as they are received, i.e. before it would decide whether a request should be blocked or forwarded.
This results in log lines stating the domain and client:
query[A] discourse.pi-hole.net from 192.168.1.100
query[A] flurry.com from 192.168.1.100
To get rid of lines already written to the logs while new requests keep arriving would be quite messy.
Changing the code to delay logging until after the decision has been made could work, but likely would mean a change to upstream dnsmasq, which Pi-hole tries to keep to a minimum (that said, the Pi-hole team has provided numerous patches for upstream dnsmasq in the past, but it would depend on dnsmasq maintainers whether a patch would be accepted).
As far as the database is concerned, it should be possible to implement, as the database code is Pi-hole's exclusively, but I cannot comment on involved efforts, of course.
Let's see what the development team thinks about it.