Route 53 public hosted zones should log DNS queries

Description

This control verifies whether DNS query logging is activated for an Amazon Route 53 public hosted zone.

Enabling DNS query logging enhances security and compliance by providing greater visibility into DNS activity. The logs capture details such as the queried domain or subdomain, timestamp of the query, DNS record type, and response code. When this feature is enabled, Route 53 delivers the log files to Amazon CloudWatch Logs for further analysis and monitoring.
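
The check this control performs can be reproduced offline against the output of the Route 53 ListHostedZones and ListQueryLoggingConfigs API calls. The following is an added example, not code from this page or from the vendor's rule implementation; the function names and the sample zone data are constructed for illustration.

```python
"""Added example: evaluate the control against Route 53 API response data."""


def _bare_zone_id(zone_id):
    # ListHostedZones returns IDs as "/hostedzone/Z123"; keep only the bare ID
    # so both response shapes compare equal.
    return zone_id.rsplit("/", 1)[-1]


def zones_missing_query_logging(hosted_zones, query_logging_configs):
    """Return the public hosted zones that have no query logging configuration.

    hosted_zones: the "HostedZones" list from ListHostedZones.
    query_logging_configs: the "QueryLoggingConfigs" list from
    ListQueryLoggingConfigs.
    """
    logged = {
        _bare_zone_id(cfg["HostedZoneId"])
        for cfg in query_logging_configs
        if cfg.get("CloudWatchLogsLogGroupArn")  # a config must name a log group
    }
    findings = []
    for zone in hosted_zones:
        if zone.get("Config", {}).get("PrivateZone", False):
            continue  # the control covers public hosted zones only
        zone_id = _bare_zone_id(zone["Id"])
        if zone_id not in logged:
            findings.append({"zone_id": zone_id, "name": zone["Name"]})
    return findings


# Constructed sample data in the shape of the API responses (not real zones).
SAMPLE_ZONES = [
    {"Id": "/hostedzone/ZEXAMPLE1", "Name": "example.com.", "Config": {"PrivateZone": False}},
    {"Id": "/hostedzone/ZEXAMPLE2", "Name": "example.org.", "Config": {"PrivateZone": False}},
    {"Id": "/hostedzone/ZEXAMPLE3", "Name": "corp.internal.", "Config": {"PrivateZone": True}},
]
SAMPLE_CONFIGS = [
    {
        "Id": "constructed-config-id",
        "HostedZoneId": "ZEXAMPLE1",
        "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:111122223333:log-group:/aws/route53/example.com",
    },
]

if __name__ == "__main__":
    for finding in zones_missing_query_logging(SAMPLE_ZONES, SAMPLE_CONFIGS):
        print(f"FAIL {finding['zone_id']} {finding['name']}: no query logging config")
```

With live data, the two lists would come from paginating both API calls for the account under review.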

Remediation

For guidance on Route 53 query logging, refer to the "Configuring logging for DNS queries" section of the Amazon Route 53 Developer Guide.