Route 53 public hosted zones should log DNS queries

Description

This control verifies whether DNS query logging is activated for an Amazon Route 53 public hosted zone.

Enabling DNS query logging enhances security and compliance by providing greater visibility into DNS activity. The logs capture details such as the queried domain or subdomain, timestamp of the query, DNS record type, and response code. When this feature is enabled, Route 53 delivers the log files to Amazon CloudWatch Logs for further analysis and monitoring.
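The evaluation this control performs, written out as an added example (not code from this page or from AWS): it compares the ListHostedZones response with the ListQueryLoggingConfigs response and reports public zones that have no logging configuration. The sample records are constructed, and the `fetch_findings` helper is an assumed way to feed it live data through boto3.

```python
"""Route 53 control: public hosted zones should have DNS query logging enabled."""
from typing import Dict, Iterable, List

# Constructed sample data in the shape the Route 53 API returns (not real zones).
SAMPLE_HOSTED_ZONES = [
    {"Id": "/hostedzone/ZPUBLIC000001", "Name": "example.com.", "Config": {"PrivateZone": False}},
    {"Id": "/hostedzone/ZPUBLIC000002", "Name": "example.net.", "Config": {"PrivateZone": False}},
    {"Id": "/hostedzone/ZPRIVATE00001", "Name": "corp.internal.", "Config": {"PrivateZone": True}},
]
SAMPLE_QUERY_LOGGING_CONFIGS = [
    {"Id": "cfg-0001", "HostedZoneId": "ZPUBLIC000001",
     "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:123456789012:log-group:/aws/route53/example.com"},
]


def bare_id(zone_id: str) -> str:
    """ListHostedZones returns '/hostedzone/Z...' while logging configs carry the
    bare 'Z...' id, so strip any path prefix before comparing."""
    return zone_id.rsplit("/", 1)[-1]


def public_zones_without_query_logging(hosted_zones: Iterable[Dict],
                                       logging_configs: Iterable[Dict]) -> List[str]:
    """Return the Ids of public hosted zones with no query logging config (FAIL set)."""
    logging_zones = {bare_id(cfg["HostedZoneId"]) for cfg in logging_configs}
    failing: List[str] = []
    for zone in hosted_zones:
        # Query logging is only available for public zones; private zones are out of scope.
        if zone.get("Config", {}).get("PrivateZone", False):
            continue
        if bare_id(zone["Id"]) not in logging_zones:
            failing.append(zone["Id"])
    return failing


def fetch_findings() -> List[str]:
    """Assumed wiring for live evaluation: pull both lists with boto3 and evaluate."""
    import boto3  # imported here so the evaluation logic stays importable offline
    client = boto3.client("route53")  # Route 53 is a global service
    zones: List[Dict] = []
    for page in client.get_paginator("list_hosted_zones").paginate():
        zones.extend(page["HostedZones"])
    configs: List[Dict] = []
    kwargs: Dict = {}
    while True:  # ListQueryLoggingConfigs pages with NextToken
        resp = client.list_query_logging_configs(**kwargs)
        configs.extend(resp["QueryLoggingConfigs"])
        if "NextToken" not in resp:
            break
        kwargs = {"NextToken": resp["NextToken"]}
    return public_zones_without_query_logging(zones, configs)
```

Running the evaluation on the sample data flags only `/hostedzone/ZPUBLIC000002`: the first public zone has a config and the private zone is skipped.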

Remediation

For guidance on Route 53 query logging, refer to the "Configuring logging for DNS queries" section of the Amazon Route 53 Developer Guide.