Only hide successful queries of the system resolver

nameserver/nameserver.go

@@ -201,6 +201,12 @@ func handleRequest(ctx context.Context, w dns.ResponseWriter, request *dns.Msg)
 				return
 			}
 
+			// Mark successfull queries as internal in order to hide them in the simple interface.
+			// These requests were most probably made for another process and only add confusion if listed.
+			if conn.Process().IsSystemResolver() {
+				conn.Internal = true
+			}
+
 			// Save the request as open, as we don't know if there will be a connection or not.
 			network.SaveOpenDNSRequest(q, rrCache, conn)
 			firewall.UpdateIPsAndCNAMEs(q, rrCache, conn)

network/connection.go

@@ -269,11 +269,6 @@ func NewConnectionFromDNSRequest(ctx context.Context, fqdn string, cnames []stri
 		dnsConn.Internal = localProfile.Internal
 	}
 
-	// Always mark dns queries from the system resolver as internal.
-	if proc.IsSystemResolver() {
-		dnsConn.Internal = true
-	}
-
 	// DNS Requests are saved by the nameserver depending on the result of the
 	// query. Blocked requests are saved immediately, accepted ones are only
 	// saved if they are not "used" by a connection.