diff --git a/common/net.go b/common/net.go
index ccce550..993c4c4 100644
--- a/common/net.go
+++ b/common/net.go
@@ -86,6 +86,9 @@ func (f connectionFilter) WhitelistPrefix(p netaddr.IPPrefix) {
 }
 
 func (f connectionFilter) ShouldBeSkipped(dst, actualDst netaddr.IP) bool {
+ if dst.IsLinkLocalUnicast() {
+ return true
+ }
 if IsIpPrivate(dst) || dst.IsLoopback() {
 return false
 }
@@ -206,3 +209,15 @@ func NewDestinationKey(dst, actualDst netaddr.IPPort, fqdn string) DestinationKe
 actualDestination: HostPortFromIPPort(actualDst),
 }
 }
+
+var ec2NodeRegex = regexp.MustCompile(`ip-\d+-\d+-\d+-\d+\.ec2`)
+var externalDomainWithSuffix = regexp.MustCompile(`(.+\.(com|net|org|io))\..+`)
+
+func NormalizeFQDN(fqdn string, requestType string) string {
+ if requestType == "TypePTR" {
+ return "IP.in-addr.arpa"
+ }
+ fqdn = ec2NodeRegex.ReplaceAllLiteralString(fqdn, "IP.ec2")
+ fqdn = externalDomainWithSuffix.ReplaceAllString(fqdn, "$1.search_path_suffix")
+ return fqdn
+}
diff --git a/common/net_test.go b/common/net_test.go
index 0774a09..38ee77e 100644
--- a/common/net_test.go
+++ b/common/net_test.go
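Review bot: The new `dst.IsLinkLocalUnicast()` guard in ShouldBeSkipped returns before the private/loopback test and before everything after it, so if the prefixes registered through WhitelistPrefix are consulted later in the body (which continues outside this hunk), an operator can no longer opt a link-local prefix back in. Link-local space includes the cloud instance metadata address 169.254.169.254, and connections to it are a useful signal when investigating credential access from a workload, so dropping the whole range should be an explicit, documented decision. Only `dst` is tested and `actualDst` is not, which may be intended but is not stated. I would add a comment above the check such as `// Link-local destinations (169.254.0.0/16, fe80::/10, incl. cloud metadata endpoints) are never tracked, regardless of the whitelist.`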
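Review bot: `externalDomainWithSuffix` rewrites any name that has a `com`, `net`, `org` or `io` label followed by further labels, so a real external name such as `example.com.au` becomes `example.com.search_path_suffix` and distinct domains are merged under one label. Both patterns are also unanchored, so `ec2NodeRegex` replaces an `ip-N-N-N-N.ec2` run anywhere inside a longer name rather than only at its start. Names under other TLDs keep their search-path expansions, so label cardinality is still driven by whatever names a workload chooses to query. I would anchor the first pattern as `^ip-\d+-\d+-\d+-\d+\.ec2`, pin the intended behaviour for multi-label public suffixes in TestNormalizeFQDN with a case such as `assert.Equal(t, "example.com.au", NormalizeFQDN("example.com.au", "TypeA"))`, and give the exported NormalizeFQDN a doc comment listing the placeholders it can return.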
@@ -57,3 +57,18 @@ func TestDestinationKey(t *testing.T) {
 NewDestinationKey(d, ad, "bucket.s3.amazonaws.com.default.svc.cluster.local").String(),
 )
 }
+
+func TestNormalizeFQDN(t *testing.T) {
+ assert.Equal(t, "IP.in-addr.arpa", NormalizeFQDN("4.3.2.1.in-addr.arpa", "TypePTR"))
+ assert.Equal(t, "coroot.com", NormalizeFQDN("coroot.com", "TypeA"))
+ assert.Equal(t, "IP.ec2.internal", NormalizeFQDN("ip-172-1-2-3.ec2.internal", "TypeA"))
+
+ assert.Equal(t, "example.com", NormalizeFQDN("example.com", "TypeA"))
+ assert.Equal(t, "example.com.search_path_suffix", NormalizeFQDN("example.com.cluster.local", "TypeA"))
+ assert.Equal(t, "example.com.search_path_suffix", NormalizeFQDN("example.com.svc.cluster.local", "TypeA"))
+ assert.Equal(t, "example.com.search_path_suffix", NormalizeFQDN("example.com.svc.default.cluster.local", "TypeA"))
+
+ assert.Equal(t, "example.net.search_path_suffix", NormalizeFQDN("example.net.svc.default.cluster.local", "TypeA"))
+ assert.Equal(t, "example.org.search_path_suffix", NormalizeFQDN("example.org.svc.default.cluster.local", "TypeA"))
+ assert.Equal(t, "example.io.search_path_suffix", NormalizeFQDN("example.io.svc.default.cluster.local", "TypeA"))
+}
diff --git a/containers/container.go b/containers/container.go
index 1cadd63..01200e9 100644
--- a/containers/container.go
+++ b/containers/container.go
@@ -654,6 +654,15 @@ func (c *Container) onDNSRequest(r *l7.RequestData) map[netaddr.IP]string {
 if t == "" {
 return nil
 }
+ fqdn = common.NormalizeFQDN(fqdn, t)
+
+ // To reduce the number of metrics, we ignore AAAA requests with empty results,
+ // as they are typically performed simultaneously with A requests and do not add
+ // any additional latency to the application.
+ if t == "TypeAAAA" && r.Status == 0 && len(ips) == 0 {
+ return nil
+ }
+
 if c.dnsStats.Requests == nil {
 dnsReq := L7Requests[l7.ProtocolDNS]
 c.dnsStats.Requests = prometheus.NewCounterVec(
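Review bot: `fqdn` is overwritten with the normalized placeholder at the top of the added lines in onDNSRequest, so every later use of it sees `IP.ec2.internal` or `*.search_path_suffix` instead of the queried name. The function returns a `map[netaddr.IP]string` and the rest of its body is outside this hunk, so whether that map is meant to carry the placeholder should be checked. If only the metric label should be normalized, keep the raw name and introduce `label := common.NormalizeFQDN(fqdn, t)` for the counter. The AAAA early return can also move above the normalization call, since the result is discarded on that path, and `r.Status == 0` would be clearer with a short comment or named constant saying which DNS status 0 denotes.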
diff --git a/ebpftracer/l7/l7.go b/ebpftracer/l7/l7.go
index d522fa1..f2250db 100644
--- a/ebpftracer/l7/l7.go
+++ b/ebpftracer/l7/l7.go
@@ -108,7 +108,19 @@ func (s Status) String() string {
 }
 
 func (s Status) Http() string {
- return strconv.Itoa(int(s))
+ switch {
+ case s >= 100 && s < 200:
+ return "1xx"
+ case s >= 200 && s < 300:
+ return "2xx"
+ case s >= 300 && s < 400:
+ return "3xx"
+ case s >= 400 && s < 500:
+ return "4xx"
+ case s >= 500 && s < 600:
+ return "5xx"
+ }
+ return "unknown"
 }
 
 func (s Status) DNS() string {
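Review bot: `Http()` now returns a status class instead of the numeric code, but the exported method has no doc comment saying so, and any caller, dashboard or alert rule that matches an exact value such as `"500"` will stop matching without an error. Codes outside 100–599, including 0, all collapse to `"unknown"`. I would add `// Http returns the HTTP status class ("1xx" … "5xx") for use as a low-cardinality label, or "unknown" for values outside 100–599.` above the method. Bucketing also hides the difference between 401/403 and other `4xx` responses, which matters if these metrics feed detection of authentication failures, so the change is worth calling out in the release notes.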