Logging & Privacy
MoonDNS is built around profile-level controls. The default beta posture is aggregate analytics plus live troubleshooting, with raw query history off unless you enable it for a specific profile.
Default behavior
- MoonDNS keeps aggregate counters so the dashboard can show query volume and block rates.
- Live logs stream while the Logs tab is open and do not replay old events by default.
- Raw retained query history starts as Off for every profile.
Raw retention
- You choose the raw-history window per profile: Off, 1 hour, 24 hours, 7 days, or 30 days.
- When enabled, MoonDNS stores batched raw query events for that rolling window only.
- Retained history can be exported as NDJSON or deleted from the profile Logs tab.
Storage
- Retained raw query history uses the dedicated EU query-log bucket when configured.
- D1 stores small indexes and aggregate counters, not one database row per DNS query.
- Worker runtime logs are operator telemetry and are separate from customer DNS query history.
Plain DNS identity
DoH and DoT carry the profile identity in the URL or hostname. Plain DNS on port 53 cannot do that, so MoonDNS uses linked public IPs only to decide whether a plain-DNS client should match a profile.
Current beta promise
Keep raw retention off unless you need troubleshooting history. If you turn it on, keep the shortest tier that solves the problem, export what you need, and delete retained logs when you are done.