Amazon extends VPC DNS Query Logging

VPC DNS logging, also known as Route53 Resolver query logging, is now available in all commercial regions. How will this help you?

Let’s dig in!

One of the challenges for enterprises adopting Route53 as their primary DNS provider used to be the lack of DNS query logging. Since 2020, Amazon has been enabling DNS query logging on a region-by-region basis. With this most recent announcement, DNS queries to the Route53 Resolver can be logged in ALL commercial regions.

What does this mean?
You may recall that every AWS VPC comes with a DNS resolver. This is also referred to as the .2 resolver (the VPC CIDR base address + 2). Unless you explicitly disable AmazonDNS in your VPC, this VPC resolver answers DNS queries for resources within your VPC. Amazon has been gradually rebranding it as the Route53 Resolver.

“With Route 53 Resolver Query Logging, customers can log DNS queries and responses for queries originating from within their VPCs, whether those queries are answered locally by Route 53 Resolver, are resolved over the public internet, or are forwarded to on-premises DNS servers via Resolver Endpoints.”

Route53’s high availability and scalability are well documented with customers like Netflix. AWS has been constantly adding capabilities to Route53 to bring parity with traditional DNS services, so that it can become the primary DNS service not just in the cloud, but in hybrid network models as well.
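Once query logging is on, the value comes from reading the records. As an added example (not code from this post or from AWS), here is a small Python script that parses Route 53 Resolver query log records as newline-delimited JSON, using the field names of the documented record layout, and flags source addresses with a high NXDOMAIN ratio or unusually long query names, two signals a defender typically watches for. The records are constructed, and the thresholds are assumptions to tune per environment.

```python
import json
from collections import defaultdict

# Constructed sample records in the Route 53 Resolver query log JSON layout
# (one JSON object per line). Every value below is made up for illustration.
SAMPLE_LOG = """
{"version":"1.100000","account_id":"123456789012","region":"us-east-1","vpc_id":"vpc-0example","query_timestamp":"2021-05-01T10:00:00Z","query_name":"api.internal.example.com.","query_type":"A","query_class":"IN","rcode":"NOERROR","answers":[{"Rdata":"10.0.1.5","Type":"A","Class":"IN"}],"srcaddr":"10.0.0.10","srcport":"53211","transport":"UDP","srcids":{"instance":"i-0aaa"}}
{"version":"1.100000","account_id":"123456789012","region":"us-east-1","vpc_id":"vpc-0example","query_timestamp":"2021-05-01T10:00:01Z","query_name":"s3.amazonaws.com.","query_type":"A","query_class":"IN","rcode":"NOERROR","answers":[{"Rdata":"192.0.2.10","Type":"A","Class":"IN"}],"srcaddr":"10.0.0.10","srcport":"53212","transport":"UDP","srcids":{"instance":"i-0aaa"}}
{"version":"1.100000","account_id":"123456789012","region":"us-east-1","vpc_id":"vpc-0example","query_timestamp":"2021-05-01T10:00:02Z","query_name":"db-01.corp.example.com.","query_type":"A","query_class":"IN","rcode":"NXDOMAIN","answers":[],"srcaddr":"10.0.0.20","srcport":"40001","transport":"UDP","srcids":{"instance":"i-0bbb"}}
{"version":"1.100000","account_id":"123456789012","region":"us-east-1","vpc_id":"vpc-0example","query_timestamp":"2021-05-01T10:00:03Z","query_name":"files.corp.example.com.","query_type":"A","query_class":"IN","rcode":"NXDOMAIN","answers":[],"srcaddr":"10.0.0.20","srcport":"40002","transport":"UDP","srcids":{"instance":"i-0bbb"}}
{"version":"1.100000","account_id":"123456789012","region":"us-east-1","vpc_id":"vpc-0example","query_timestamp":"2021-05-01T10:00:04Z","query_name":"a3f9c1e2b7d4a3f9c1e2b7d4a3f9c1e2b7d4a3f9c1e2b7d4.t.example-tunnel.net.","query_type":"TXT","query_class":"IN","rcode":"NOERROR","answers":[{"Rdata":"ok","Type":"TXT","Class":"IN"}],"srcaddr":"10.0.0.20","srcport":"40003","transport":"UDP","srcids":{"instance":"i-0bbb"}}
"""

def parse_records(text):
    """Parse newline-delimited JSON query log records into dicts."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def summarize(records):
    """Aggregate per source address: query count, NXDOMAIN count, distinct names, longest name."""
    per_src = defaultdict(lambda: {"queries": 0, "nxdomain": 0, "names": set(), "longest": 0})
    for rec in records:
        stats = per_src[rec["srcaddr"]]
        name = rec["query_name"].rstrip(".")  # drop the trailing root dot
        stats["queries"] += 1
        if rec["rcode"] == "NXDOMAIN":
            stats["nxdomain"] += 1
        stats["names"].add(name)
        stats["longest"] = max(stats["longest"], len(name))
    return per_src

def flag_sources(per_src, nx_ratio=0.5, min_queries=3, max_name_len=60):
    """Return {srcaddr: [reasons]} for sources worth a closer look. Thresholds are assumed values."""
    flagged = {}
    for src, stats in per_src.items():
        reasons = []
        if stats["queries"] >= min_queries and stats["nxdomain"] / stats["queries"] >= nx_ratio:
            reasons.append("high NXDOMAIN ratio")
        if stats["longest"] > max_name_len:
            reasons.append("unusually long query name")
        if reasons:
            flagged[src] = reasons
    return flagged

if __name__ == "__main__":
    summary = summarize(parse_records(SAMPLE_LOG))
    for src, reasons in flag_sources(summary).items():
        print(f"{src}: {', '.join(reasons)} ({summary[src]['queries']} queries)")
```

On the constructed input only 10.0.0.20 is flagged, on both counts; the same functions apply unchanged to records exported from CloudWatch Logs or S3.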

We understand how complicated the hybrid network connectivity and cost models can be. Our experts can help you understand these implications starting with a free consultation.
