How can I delete DNS query logging for a specific domain in Route 53?

Last updated: 2020-10-03

How can I delete DNS query logging for a specific domain in Amazon Route 53?

Short description

To delete DNS query logging for a specific domain, you must first obtain the query logging ID. You can find the query logging ID using:

  • The AWS Command Line Interface (AWS CLI), or
  • AWS Tools for PowerShell

The query logging ID is not available from the Route 53 console.

Resolution

Note: In the following commands, replace all placeholder text with the corresponding values for your configuration. If you receive errors when running AWS CLI commands, make sure that you’re using the most recent version of the AWS CLI.

Delete DNS query logging for a specific domain using the AWS CLI

1.    Get information about Route 53 DNS query logging associated with a specific hosted zone created for a domain:

aws route53 list-query-logging-configs --hosted-zone-id [your hosted zone ID]

Example output:

{
    "QueryLoggingConfigs": [
        {
            "HostedZoneId": "Z11BNGDQEO95SY",
            "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:745401294438:log-group:route53log:*",
            "Id": "7d9a464b-b0b4-4493-afaf-1c33b1dd4a11"
        }
    ]
}

In the previous example, 7d9a464b-b0b4-4493-afaf-1c33b1dd4a11 is the query logging ID. 

2.    Using the query logging ID, get query logging information associated with your specific domain name:

aws route53 get-query-logging-config --id [your query logging ID]

Example output:

{
    "QueryLoggingConfig": {
        "HostedZoneId": "Z11BNGDQEO95SY",
        "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:745401294438:log-group:route53log:*",
        "Id": "7d9a464b-b0b4-4493-afaf-1c33b1dd4a11"
    }
}

3.    Delete query logging associated with your specific domain name:

aws route53 delete-query-logging-config --id 7d9a464b-b0b4-4493-afaf-1c33b1dd4a11

Note: After running the previous command, you won't receive a confirmation message indicating that the query logging was deleted. To confirm the deletion, check the Route 53 console.
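The three AWS CLI steps above combined into one script, as an added example that is not part of the original article. It records the CloudWatch Logs log group ARN before each deletion and, because delete-query-logging-config returns no confirmation, lists the hosted zone's configurations again to confirm the removal. The function names are hypothetical; --query and --output text are standard AWS CLI global options.

```shell
#!/bin/sh
# Added example: delete all query logging configs on one hosted zone and
# confirm the result from the CLI. Function names are hypothetical.

# Print the query logging IDs attached to hosted zone $1, one per line.
list_query_logging_ids() {
    raw=$(aws route53 list-query-logging-configs --hosted-zone-id "$1" \
        --query 'QueryLoggingConfigs[].Id' --output text) || return 1
    # --output text prints the IDs tab-separated; split them and drop blanks.
    printf '%s\n' "$raw" | tr '\t' '\n' | sed '/^$/d'
}

# Delete every query logging config on hosted zone $1.
# Returns 0 when none remain, 1 on a CLI error, 2 if a config survives.
delete_zone_query_logging() {
    zone_id="$1"
    ids=$(list_query_logging_ids "$zone_id") || return 1
    if [ -z "$ids" ]; then
        echo "no query logging config on $zone_id"
        return 0
    fi
    for id in $ids; do
        # Record which log group received the queries before removing the config.
        arn=$(aws route53 get-query-logging-config --id "$id" \
            --query 'QueryLoggingConfig.CloudWatchLogsLogGroupArn' \
            --output text) || return 1
        echo "deleting $id (log group $arn)"
        aws route53 delete-query-logging-config --id "$id" || return 1
    done
    # The delete call prints nothing on success, so list again to confirm.
    remaining=$(list_query_logging_ids "$zone_id") || return 1
    if [ -n "$remaining" ]; then
        echo "still present on $zone_id: $remaining" >&2
        return 2
    fi
    echo "confirmed: no query logging config remains on $zone_id"
}

# Run only when a hosted zone ID is given as the first argument.
if [ -n "${1:-}" ]; then
    delete_zone_query_logging "$1"
fi
```

Save the script and run it with the hosted zone ID as its only argument; the echoed log group ARN gives you a record of where the queries were being sent.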

Delete DNS query logging for a specific domain using AWS Tools for PowerShell

1.    Get information about Route 53 DNS query logging associated with a specific hosted zone created for a domain:

PS C:\Program Files (x86)\AWS Tools\PowerShell\AWSPowerShell> Get-R53QueryLoggingConfigList -HostedZoneId [your hosted zone ID]
Id                                   HostedZoneId   CloudWatchLogsLogGroupArn
--                                   ------------   -------------------------
35ab59c0-4952-48ee-aa71-990f249c1abb Z11BNGDQEO95SY arn:aws:logs:us-east-1:745401294438:log-group:route53log:*

2.    Using the query logging ID, get query logging information associated with your specific domain name:

PS C:\Program Files (x86)\AWS Tools\PowerShell\AWSPowerShell> Get-R53QueryLoggingConfig -Id 35ab59c0-4952-48ee-aa71-990f249c1abb
Id                                   HostedZoneId   CloudWatchLogsLogGroupArn
--                                   ------------   -------------------------
35ab59c0-4952-48ee-aa71-990f249c1abb Z11BNGDQEO95SY arn:aws:logs:us-east-1:745401294438:log-group:route53log:*

3.    Delete query logging associated with your specific domain name:

PS C:\Program Files (x86)\AWS Tools\PowerShell\AWSPowerShell> Remove-R53QueryLoggingConfig -Id 35ab59c0-4952-48ee-aa71-990f249c1abb
Confirm
Are you sure you want to perform this action?
Performing the operation "Remove-R53QueryLoggingConfig (DeleteQueryLoggingConfig)" on target "35ab59c0-4952-48ee-aa71-990f249c1abb".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): Y
PS C:\Program Files (x86)\AWS Tools\PowerShell\AWSPowerShell>