QueryLog: Unique & New hosts within given timeframe

Some applications really hammer the DNS resolver when you block hosts.
In addition to that, you usually get multiple query types within the same second:
A, AAAA, MX, DNSSEC and so on.
To see what is new and what is requested on the network, and maybe find some oddities, it would be nice if we could reduce this clutter by collapsing different query types by requested host.

On top of that I'd love to cross-reference queried hostnames with the past.
The usual queries for CDNs or subscribed websites aren't that interesting in the logfile.
It would be far more useful to see domains that haven't been requested in the past to see what might be a new addition for the blocklist.
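The collapsing and first-seen comparison requested above, as an added example that is not part of the original thread or of the project's own code. It assumes dnsmasq-style query log lines (the thread shows no log format); the sample lines, hostnames and function names are constructed for illustration.

```python
import re
from collections import OrderedDict

# Assumed format: "<Mon> <day> <HH:MM:SS> dnsmasq[pid]: query[TYPE] host from client"
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+dnsmasq\[\d+\]:\s+"
    r"query\[(?P<qtype>[^\]]+)\]\s+(?P<host>\S+)\s+from\s+(?P<client>\S+)$"
)

def collapse(lines):
    """Merge every query type for a host into a single entry, in first-seen order."""
    hosts = OrderedDict()
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if not m:
            continue  # replies, forwards and other non-query lines are skipped
        host = m["host"].lower().rstrip(".")  # DNS names are case-insensitive
        entry = hosts.setdefault(
            host, {"first_seen": m["ts"], "types": set(), "clients": set(), "count": 0}
        )
        entry["types"].add(m["qtype"])
        entry["clients"].add(m["client"])
        entry["count"] += 1
    return hosts

def new_hosts(current_lines, baseline_lines):
    """Hosts queried in the current window that never appear in the baseline window."""
    seen_before = set(collapse(baseline_lines))
    return [h for h in collapse(current_lines) if h not in seen_before]

# Constructed sample data: an earlier day as baseline, then the window under review.
BASELINE_LOG = [
    "Mar  2 09:00:01 dnsmasq[512]: query[A] cdn.example.net from 192.168.1.20",
    "Mar  2 09:00:01 dnsmasq[512]: query[AAAA] cdn.example.net from 192.168.1.20",
    "Mar  2 09:05:12 dnsmasq[512]: query[A] news.example.org from 192.168.1.21",
]
CURRENT_LOG = [
    "Mar  3 10:15:01 dnsmasq[512]: query[A] cdn.example.net from 192.168.1.20",
    "Mar  3 10:15:01 dnsmasq[512]: reply cdn.example.net is 203.0.113.7",
    "Mar  3 10:15:01 dnsmasq[512]: query[A] telemetry.example.com from 192.168.1.30",
    "Mar  3 10:15:01 dnsmasq[512]: query[AAAA] telemetry.example.com from 192.168.1.30",
    "Mar  3 10:15:01 dnsmasq[512]: query[MX] Telemetry.Example.com. from 192.168.1.30",
    "Mar  3 10:15:02 dnsmasq[512]: query[A] telemetry.example.com from 192.168.1.30",
]

if __name__ == "__main__":
    summary = collapse(CURRENT_LOG)
    for host in new_hosts(CURRENT_LOG, BASELINE_LOG):
        e = summary[host]
        print(host, e["first_seen"], sorted(e["types"]), sorted(e["clients"]), e["count"])
```
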

As a related aside, you may find Tools > Audit log to be useful if you're not aware of it. It shows allowed domains and blocked domains sorted by the most active.

If you recognise the domain and are happy with its status you can click Audit, or else you can Blacklist an allowed domain or Whitelist a blocked domain. As you process them they are removed from this screen and the next most active domains move up the list.

It gives a handy way to audit the most active domains that are being requested by your network. The view is live so you can see any active domains appearing in real time.

You can do this now, using the filtering feature of the query log. Click on the element with which you desire to filter.

Unfiltered

Filtered on specific client

Filtered on query type for that client
