I’ve seeing a lot of blank requests in my teams gateway log. I have set up some block rules in my policy and I use unbound which checks DNSSEC when resolving to integrate with gateway resolver. I tried to figure it out myself, and I found that my policy will not only block A|AAAA requests for blocked domain but some types like HTTPS|DS. The problem is unbound will query for DS type requests aggressively if it’s not fulfilled for DNSSEC needs and my devices behind unbound will query for HTTPS type aggressively too. But those blocked requests will be logged in blocked section but also allowed section as blank records. Because the number of allowed or blocked requests is quite equal at this point. So I create a exceptional rule to allow HTTPS|DS type for all domains, the blank logs are gone. That’s what I found. But today I see a lot of blank logs again, I don’t know what types of requests caused it now. I don’t think certain types of requests should be logged both in blocked and allowed section, and even if logging, the entry shouldn’t be logged as blank results which is unable to analyze. Can you help me find out what’s the problem or what type of requests is making blank log entry? And finally, how can I eliminate blank domain logs?