On the github page for AdminLTE, there's a screenshot of the query log and the status of the blocked queries says "Pi-holed".
How is that achievable? Mine, for instance, always says one of these:
Blocked OK (forwarded) OK (forwarded) INSECURE OK (cached).
Also, being new-ish to the Pi-hole world, what does "OK (forwarded)" mean? And, last question - under the "Domain" column in the query log, that represents the domain of the address that queried my Pi-hole, right? So if I see something strange in there, that indicates something strange made a connection attempt to my network?
Ahh, got it. I'm actually in the other camp. I like "Pi-holed", hah!
So in the event Unbound is configured and set as the upstream DNS within Pi-hole, does it still mean the same thing? It's just sent to 127.0.0.1 instead of a public DNS?
Oh, so the Client listed is what's performing the query out to what's listed in the Domain column? I ask it this way because I have a domain that shows up in the Domain column about 600-700 times every 48 hours and I'm trying to discern is it me reaching out to it or it reaching in to me? I guess by your explanation it's the former, correct?
In my mind I thought the Query log worked in the opposite way - items listed in the Domain column are reaching to the client and the Pi-hole either blocks it or forwards it on.
Yes. Reaching in would be represented by a client that comes from outside your local network address range.
In a typical home setup nothing is every reaching in. The first step of a connection always have to go from inside to the outside. The sole exception is when you forward ports from your public IP address to one of your internal devices. However, even in this case, Pi-hoel would not show such a request as it is not a firewall. Devices from the outside would use their own DNS server so there is no chance Pi-hole could ever see them.