diff --git a/config.go b/config.go
index e72f934..017c344 100644
--- a/config.go
+++ b/config.go
@@ -34,6 +34,7 @@ type Config struct {
 	Timeout           int
 	Expire            uint32
 	Maxcount          int
+	QuestionCacheNonblocked bool
 	QuestionCacheCap  int
 	TTL               uint32
 	Blocklist         []string
@@ -117,6 +118,9 @@ maxcount = 0
 # question cache capacity, 0 for infinite but not recommended (this is used for storing logs)
 questioncachecap = 5000
 
+# should questions for non-blocked hosts be cached/logged?
+questioncachenonblocked = true
+
 # manual blocklist entries
 blocklist = []
 
diff --git a/handler.go b/handler.go
index 317bcd9..9085186 100644
--- a/handler.go
+++ b/handler.go
@@ -200,9 +200,11 @@ func (h *DNSHandler) do(config *Config, blockCache *MemoryBlockCache, questionCa
 
 					logger.Noticef("%s found in blocklist\n", Q.Qname)
 
-					// log query
-					NewEntry := QuestionCacheEntry{Date: time.Now().Unix(), Remote: remote.String(), Query: Q, Blocked: true}
-					go questionCache.Add(NewEntry)
+					if config.QuestionCacheNonblocked {
+						// log query
+						NewEntry := QuestionCacheEntry{Date: time.Now().Unix(), Remote: remote.String(), Query: Q, Blocked: true}
+						go questionCache.Add(NewEntry)
+					}
 
 					// cache the block; we don't know the true TTL for blocked entries: we just enforce our config
 					err := h.cache.Set(key, m, true)