fix: Obfuscate the question_name field

[pkern]

Currently blocky attempts to obfuscate queries (which I find a little questionable, given that you can still potentially deduce what has been asked for, but alas). However question_name is not obfuscated at all, so while the answer is, the plaintext query will still end up in the log. This change routes the field through the obfuscator, which will obfuscate if needed.

[ThinkChaos]

Thanks for the PR!

I'm not sure what's best to do here since the querylog is not very useful without this info, and it's disabled by default so you need to opt-in to have this output in the console.
Maybe we should make it explicit in the docs that log.privacy doesn't impact this?

EDIT: maybe QueryLog.LogConfig can log a warning, or we error during config validation, if log.privacy is enabled but the querylog type is console and it includes responseAnswer or question fields.

[ThinkChaos]

If we do obfuscate this, we should also do the answer:

Suggested change

	"answer": entry.Answer,
	"answer": util.Obfuscate(entry.Answer),

[pkern]

Answer is already obfuscated. That's because it's piped through util.AnswerToString which obfuscates everything (including query type, amusingly, even though that's clear from the length).

[pkern]

I'm not sure what's best to do here since the querylog is not very useful without this info, and it's disabled by default so you need to opt-in to have this output in the console. Maybe we should make it explicit in the docs that log.privacy doesn't impact this?

That's not actually accurate. The documentation states "If not defined, blocky will log all available information" and if queryLog.type is omitted, it seems to log everything by default. If that's not intended, maybe that also needs fixing. ;-)

The default behavior with an empty config but the privacy bit was already logging. You can still get some value out of such a query log ("has something been blocked for client X at time Y?"), which is why I kept it on for now...