CloudWatch Logging – Hybrid and Multi-account DNS – ANS-C01 Study Guide

CloudWatch Logging

CloudWatch is the primary AWS monitoring application and is rather extensive in its capabilities and feature sets. In the following sections, the various options available in CloudWatch for Route 53 metrics are explained.

DNS Query Logging

Query logging provides detailed information on resolver queries to Route 53, including the domain or subdomain being requested, the date and time, the record type, the response code (such as NoError or ServFail), and, for a public zone, which Route 53 edge location answered the query. Note that DNS relies heavily on caching, so not every DNS query actually reaches Route 53 and gets logged: only when the cache TTL at the remote DNS resolver expires does the query go to Route 53 and, in turn, get logged. Because of this caching behaviour, your logs will never contain every DNS query made for your zone.

Route 53 sends the logs to CloudWatch Logs; they are not directly accessible through Route 53, so you must use the CloudWatch console to view them. CloudWatch displays the logging data in near real time and provides search, filter, and export capabilities. The CloudWatch log group contains one log stream for each edge location that exports data to the service. The edge location ID uses the standard three-character airport code for its location with a number appended to the end. For example, the Atlanta edge location would appear as ATL3 in CloudWatch, with the numeral 3 given here as an example only.

In the Route 53 console, you can see the query logging configuration by going to Hosted zones, selecting the zone name, and then going to Query logging configuration, as shown in Figure 3.34.

FIGURE 3.34 Route 53 query logging configuration

To view the logging data, open the CloudWatch console and go to the Route 53 log group. The following is an example of a log file that was generated by Route 53 and exported to CloudWatch logs:

1.0 2022-08-27T17:37:20Z Z6FYZX3I66KS5 tipofthehat.com A NOERROR UDP CDG53-C1 172.70.245.24 -
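The following is an added example, not code from the study guide or from AWS, that parses log lines in the space-separated format shown above and tallies them per response code and per edge location, which is the kind of summary you would build when reviewing an exported log group. It assumes the field order of the example line (version, timestamp, hosted zone ID, query name, record type, response code, protocol, edge location, resolver IP address) and treats the trailing "-" as the EDNS client subnet field, which the page does not name; the sample lines after the first are constructed.

```python
from collections import Counter, namedtuple
from typing import Iterable

# Field order of a Route 53 public DNS query log line, as in the example above. The last
# field (EDNS client subnet, "-" when absent) is not named on this page; assumed here.
FIELDS = ("version", "timestamp", "hosted_zone_id", "query_name", "query_type",
          "response_code", "protocol", "edge_location", "resolver_ip", "edns_client_subnet")
QueryLog = namedtuple("QueryLog", FIELDS)


def parse_line(line: str) -> QueryLog:
    """Split one space-separated log line into its ten fields."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    return QueryLog(*parts)


def edge_airport_code(rec: QueryLog) -> str:
    """'CDG53-C1' -> 'CDG': the three-letter airport code of the responding edge."""
    return rec.edge_location[:3]


def summarise(lines: Iterable[str]):
    """Count queries per response code and per edge, and list non-NOERROR answers."""
    by_rcode, by_edge, failures = Counter(), Counter(), Counter()
    for line in lines:
        if not line.strip():
            continue  # skip blank lines in the export
        rec = parse_line(line)
        by_rcode[rec.response_code] += 1
        by_edge[edge_airport_code(rec)] += 1
        if rec.response_code != "NOERROR":
            failures[(rec.query_name, rec.response_code)] += 1
    return by_rcode, by_edge, failures


# Constructed sample export: the first line is the page's example, the rest are made up.
SAMPLE_LOG = """\
1.0 2022-08-27T17:37:20Z Z6FYZX3I66KS5 tipofthehat.com A NOERROR UDP CDG53-C1 172.70.245.24 -
1.0 2022-08-27T17:37:21Z Z6FYZX3I66KS5 www.tipofthehat.com AAAA NOERROR UDP ATL3-C2 203.0.113.10 -
1.0 2022-08-27T17:37:25Z Z6FYZX3I66KS5 nope.tipofthehat.com A NXDOMAIN TCP ATL3-C2 203.0.113.10 198.51.100.0/24
1.0 2022-08-27T17:38:02Z Z6FYZX3I66KS5 tipofthehat.com MX SERVFAIL UDP CDG53-C1 172.70.245.24 -
"""

if __name__ == "__main__":
    for counter in summarise(SAMPLE_LOG.splitlines()):
        print(dict(counter))
```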

Resolver Query Logging

Resolver query logging captures query and response log data that originates in a VPC. It can also log queries from your on-premises systems that reach the inbound resolver endpoints in a VPC, queries forwarded through outbound resolver endpoints, and DNS Firewall rule matches that block, allow, or monitor the domains in your domain lists.

Each log entry carries a large amount of data, including the AWS Region the VPC resides in, the ID of the VPC the query originated from, the IP address and instance ID of the originator, the date and time, the record type, the response code, and the value returned in response to the query. If the entry was produced by a DNS Firewall rule, the rule and the action taken are recorded as well.

Hosted Zone Monitoring

CloudWatch collects public hosted zone metrics in near real time; they are accessed through the CloudWatch console, not the Route 53 console. A metric appears in CloudWatch shortly after the DNS query reaches Route 53, with a collection granularity of 1 minute.

To view the metric data in the CloudWatch console, select All Metrics on the Metrics tab in the left panel, select N. Virginia as the region, and enter Route 53 in the search box.