Route 53 public hosted zones should log DNS queries

Description

This control verifies whether DNS query logging is activated for an Amazon Route 53 public hosted zone.

Enabling DNS query logging enhances security and compliance by providing greater visibility into DNS activity. The logs capture details such as the queried domain or subdomain, timestamp of the query, DNS record type, and response code. When this feature is enabled, Route 53 delivers the log files to Amazon CloudWatch Logs for further analysis and monitoring.
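The check this control performs can be reproduced against the Route 53 API. The following is an added example, not code from the original page or from the tool that implements the control: it compares the output of `list_hosted_zones` with `list_query_logging_configs` and reports public zones that have no logging configuration. The zone IDs, names, account number and log group ARN in the sample data are constructed.

```python
"""Added example: find public hosted zones with no query logging configuration."""


def zone_id(raw):
    # list_hosted_zones returns "/hostedzone/Z..."; logging configs carry the
    # bare ID, so normalise both before comparing.
    return raw.rsplit("/", 1)[-1]


def zones_without_query_logging(hosted_zones, logging_configs):
    """Return [{'id', 'name'}] for public zones lacking a CloudWatch Logs target."""
    logged = {
        zone_id(c["HostedZoneId"])
        for c in logging_configs
        if c.get("CloudWatchLogsLogGroupArn")
    }
    findings = []
    for z in hosted_zones:
        if z.get("Config", {}).get("PrivateZone"):
            continue  # the control applies to public hosted zones only
        if zone_id(z["Id"]) not in logged:
            findings.append({"id": zone_id(z["Id"]), "name": z["Name"]})
    return findings


def fetch_from_aws():
    """Collect both listings from the live API (needs boto3 and credentials)."""
    import boto3  # imported lazily so the check itself runs offline
    r53 = boto3.client("route53")
    zones = [z for page in r53.get_paginator("list_hosted_zones").paginate()
             for z in page["HostedZones"]]
    configs = [c for page in r53.get_paginator("list_query_logging_configs").paginate()
               for c in page["QueryLoggingConfigs"]]
    return zones, configs


# Constructed sample data shaped like the API responses.
SAMPLE_ZONES = [
    {"Id": "/hostedzone/Z0000000000EXAMPLE1", "Name": "logged.example.",
     "Config": {"PrivateZone": False}},
    {"Id": "/hostedzone/Z0000000000EXAMPLE2", "Name": "unlogged.example.",
     "Config": {"PrivateZone": False}},
    {"Id": "/hostedzone/Z0000000000EXAMPLE3", "Name": "internal.example.",
     "Config": {"PrivateZone": True}},
]
SAMPLE_CONFIGS = [
    {"Id": "constructed-config-id", "HostedZoneId": "Z0000000000EXAMPLE1",
     "CloudWatchLogsLogGroupArn":
         "arn:aws:logs:us-east-1:111122223333:log-group:/aws/route53/logged.example"},
]

if __name__ == "__main__":
    for finding in zones_without_query_logging(SAMPLE_ZONES, SAMPLE_CONFIGS):
        print("FAIL", finding["id"], finding["name"])
```

To run it against an account, pass the two lists returned by `fetch_from_aws()` instead of the sample data.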

Remediation

For guidance on Route 53 query logging, refer to the Configuring logging for DNS queries section of the Amazon Route 53 Developer Guide.