Cloud DNS logging records the queries from the name servers within your VPC to Stackdriver. Logged queries can come from Compute Engine VMs, GKE containers, or other GCP resources provisioned within the VPC.
Cloud DNS logging is disabled by default on each network.
Security monitoring and forensics cannot depend solely on IP addresses from VPC flow logs, especially when considering the dynamic IP usage of cloud resources, HTTP virtual host routing, and other technology that can obscure the DNS name used by a client from the IP address. Monitoring Cloud DNS logs provides visibility into DNS names requested by the clients within the VPC. These logs can be monitored for anomalous domain names and evaluated against threat intelligence.
To fully capture DNS logging records, your firewall must block egress for UDP/53 (DNS) and TCP/443 (DNS over HTTPS) to prevent the client from using an external DNS name server for resolution.
Only queries that reach a name server are logged. Cloud DNS resolvers cache responses; queries answered from the cache and direct queries to an external DNS resolver outside the VPC are not logged.
Enabling Cloud DNS logging might result in your project being charged for the additional log usage.
For VPC networks that need a new DNS policy with logging enabled, run the following:
gcloud dns policies create enable-dns-logging --enable-logging --description="Enable DNS Logging" --networks=VPC_NETWORK_NAME
The VPC_NETWORK_NAME can be one or more networks in a comma-separated list.
For VPC networks that have existing DNS policies, run the following to enable logging:
gcloud dns policies update POLICY_NAME --enable-logging --networks=VPC_NETWORK_NAME
The VPC_NETWORK_NAME can be one or more networks in a comma-separated list.
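To find which networks still need one of the two commands above, the following added example (not part of the original page) compares the JSON output of `gcloud compute networks list --format=json` and `gcloud dns policies list --format=json` and reports every VPC network that is not attached to a policy with logging enabled. The project name, network names and sample JSON are constructed for illustration; the function names are hypothetical.

```python
import json

# Constructed sample of `gcloud compute networks list --format=json` (trimmed).
NETWORKS_JSON = """[
  {"name": "prod-vpc", "selfLink": "https://www.googleapis.com/compute/v1/projects/example-project/global/networks/prod-vpc"},
  {"name": "dev-vpc", "selfLink": "https://www.googleapis.com/compute/v1/projects/example-project/global/networks/dev-vpc"},
  {"name": "lab-vpc", "selfLink": "https://www.googleapis.com/compute/v1/projects/example-project/global/networks/lab-vpc"}
]"""

# Constructed sample of `gcloud dns policies list --format=json` (trimmed).
POLICIES_JSON = """[
  {"name": "enable-dns-logging", "enableLogging": true,
   "networks": [{"networkUrl": "https://www.googleapis.com/compute/v1/projects/example-project/global/networks/prod-vpc"}]},
  {"name": "forwarding-only", "enableLogging": false,
   "networks": [{"networkUrl": "https://compute.googleapis.com/compute/v1/projects/example-project/global/networks/dev-vpc"}]}
]"""


def network_key(url):
    """Reduce a network URL to 'projects/P/global/networks/N' so that
    differing API host prefixes still compare equal."""
    idx = url.find("projects/")
    return url[idx:] if idx != -1 else url


def networks_without_dns_logging(networks, policies):
    """Return sorted names of networks not bound to a logging-enabled policy."""
    logged = set()
    for policy in policies:
        # A missing enableLogging field is treated as disabled (the default).
        if policy.get("enableLogging", False):
            for binding in policy.get("networks", []):
                logged.add(network_key(binding["networkUrl"]))
    return sorted(n["name"] for n in networks
                  if network_key(n["selfLink"]) not in logged)


def audit(networks_json=NETWORKS_JSON, policies_json=POLICIES_JSON):
    """Parse both JSON documents and return the non-compliant network names."""
    return networks_without_dns_logging(json.loads(networks_json),
                                        json.loads(policies_json))


if __name__ == "__main__":
    for name in audit():
        print(f"DNS logging not enabled for network: {name}")
```

In the sample, dev-vpc has a DNS policy but logging is off, and lab-vpc has no policy at all; both are reported.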