diff --git a/nameserver/nameserver.go b/nameserver/nameserver.go
index f2aea112..e63e49b4 100644
--- a/nameserver/nameserver.go
+++ b/nameserver/nameserver.go
@@ -201,6 +201,12 @@ func handleRequest(ctx context.Context, w dns.ResponseWriter, request *dns.Msg)
 				return
 			}
 
+			// Mark successfull queries as internal in order to hide them in the simple interface.
+			// These requests were most probably made for another process and only add confusion if listed.
+			if conn.Process().IsSystemResolver() {
+				conn.Internal = true
+			}
+
 			// Save the request as open, as we don't know if there will be a connection or not.
 			network.SaveOpenDNSRequest(q, rrCache, conn)
 			firewall.UpdateIPsAndCNAMEs(q, rrCache, conn)
diff --git a/network/connection.go b/network/connection.go
index 6e8def4e..b1e0a4af 100644
--- a/network/connection.go
+++ b/network/connection.go
@@ -269,11 +269,6 @@ func NewConnectionFromDNSRequest(ctx context.Context, fqdn string, cnames []stri
 		dnsConn.Internal = localProfile.Internal
 	}
 
-	// Always mark dns queries from the system resolver as internal.
-	if proc.IsSystemResolver() {
-		dnsConn.Internal = true
-	}
-
 	// DNS Requests are saved by the nameserver depending on the result of the
 	// query. Blocked requests are saved immediately, accepted ones are only
 	// saved if they are not "used" by a connection.