Improve rate-limiting warninng in pihole.log

Signed-off-by: DL6ER <dl6er@dl6er.de>

src/dnsmasq_interface.c

@@ -295,11 +295,12 @@ size_t _FTL_make_answer(struct dns_header *header, char *limit, const size_t len
  // Setup reply header
  setup_reply(header, flags, *ede);
 
- // Add NEG flag when replying with NXDOMAIN. This is necessary to get proper logging in pihole.log
- // At the same time, we cannot add NEG before calling setup_reply() as it would, otherwise, result
- // in an incorrect "nowhere to forward to" log entry (because setup_reply() checks for equality of
- // flags instead of doing a bitmask comparison).
- if(flags == F_NXDOMAIN)
+ // Add NEG flag when replying with NXDOMAIN or NODATA. This is necessary
+ // to get proper logging in pihole.log At the same time, we cannot add
+ // NEG before calling setup_reply() as it would, otherwise, result in an
+ // incorrect "nowhere to forward to" log entry (because setup_reply()
+ // checks for equality of flags instead of doing a bitmask comparison).
+ if(flags == F_NXDOMAIN || flags == F_NOERR)
  flags |= F_NEG;
 
  // Add flags according to current blocking mode
@@ -373,9 +374,27 @@ size_t _FTL_make_answer(struct dns_header *header, char *limit, const size_t len
  log_query(flags & ~F_IPV4, name, addr, (char*)blockingreason, 0);
  }
 
- // Log empty replies (NODATA/NXDOMAIN/REFUSED)
+ // Log empty replies (NODATA/NXDOMAIN)
  if(!(flags & (F_IPV4 | F_IPV6)))
- log_query(flags, name, NULL, (char*)blockingreason, 0);
+ {
+ if(flags == F_HOSTS)
+ {
+ // REFUSED is an empty set of flags + added F_HOSTS
+ flags |= F_RCODE;
+ union all_addr addr = {{ 0 }};
+ addr.log.rcode = REFUSED;
+ if(*ede)
+ addr.log.ede = *ede;
+ // rate-limiting abc.com is REFUSED (EDE: blocked)
+ log_query(flags, name, &addr, (char*)blockingreason, 0);
+ }
+ else
+ {
+ // NODATA/NXDOMAIN
+ // gravity blocked abc.com is NODATA/NXDOMAIN
+ log_query(flags, name, NULL, (char*)blockingreason, 0);
+ }
+ }
 
  // Indicate if truncated (client should retry over TCP)
  if (trunc)