Posted On: Sep 7, 2017

If you use Amazon Route 53 as your public, authoritative DNS, you can now easily log the DNS queries that Route 53 receives through integration with CloudWatch Logs. This capability makes it easier to debug issues, conduct security audits, and run business analytics. With near real-time log delivery, customers can react quickly to events, and the power of CloudWatch Logs makes it easy to search, export, or archive your query logs.

Public DNS query logs can be a useful tool to troubleshoot issues with your application. They can also be an essential part of security audits by enabling you to understand what domain names your end users are querying for, which can also be a useful business metric. Once you have enabled DNS query logs for Route 53, the CloudWatch Logs records can be exported to S3 or streamed to Kinesis Firehose and Amazon Elasticsearch.

To learn more about Amazon Route 53 DNS query logs, please see the Amazon Route 53 documentation.