Medium Route53 Regional

Route 53 public hosted zones should log DNS queries

NIST 800-53, PCI DSS v4.0.1, PCI DSS v10.4.2, ISO 27001, HIPAA

Description

Checks if DNS query logging is enabled for an Amazon Route 53 public hosted zone. The control fails if DNS query logging isn't enabled for a Route 53 public hosted zone.


Remediation

Enable Route 53 query logging for public hosted zones and send logs to CloudWatch Logs.

Steps

  1. Open the Amazon Route 53 console.
  2. Choose 'Hosted zones' and select the public hosted zone.
  3. Choose 'Create query logging config' and select a CloudWatch Logs log group.
  4. Save the configuration and verify logs are being delivered.
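The check described above, as an added example that is not part of the original control page: it evaluates the control offline against constructed data shaped like the boto3 responses from `route53.list_hosted_zones()` and `route53.list_query_logging_configs()`, skipping private zones and normalising the `/hostedzone/` prefix that the two APIs report differently. Zone ids, account id and log group names are constructed placeholders.

```python
"""Evaluate 'Route 53 public hosted zones should log DNS queries' offline."""

# Constructed sample mirroring list_hosted_zones(): two public zones, one private.
HOSTED_ZONES = [
    {"Id": "/hostedzone/Z1111111111111", "Name": "example.com.", "Config": {"PrivateZone": False}},
    {"Id": "/hostedzone/Z2222222222222", "Name": "example.net.", "Config": {"PrivateZone": False}},
    {"Id": "/hostedzone/Z3333333333333", "Name": "corp.internal.", "Config": {"PrivateZone": True}},
]

# Constructed sample mirroring list_query_logging_configs(): only example.com
# is logged. Note the API returns HostedZoneId WITHOUT the "/hostedzone/" prefix,
# so a naive string comparison against HOSTED_ZONES[i]["Id"] would report every
# zone as failing.
QUERY_LOGGING_CONFIGS = [
    {"Id": "abcd1234-0000-0000-0000-000000000000",
     "HostedZoneId": "Z1111111111111",
     "CloudWatchLogsLogGroupArn":
         "arn:aws:logs:us-east-1:123456789012:log-group:/aws/route53/example.com:*"},
]


def zone_id(raw: str) -> str:
    """Normalise '/hostedzone/Z...' and 'Z...' to the bare zone id."""
    return raw.rsplit("/", 1)[-1]


def evaluate(hosted_zones, logging_configs) -> dict:
    """Return {zone_id: 'PASS' | 'FAIL'} for every public hosted zone.

    Private zones are out of scope for this control and are omitted.
    """
    logged = {zone_id(c["HostedZoneId"]) for c in logging_configs}
    results = {}
    for zone in hosted_zones:
        if zone["Config"].get("PrivateZone", False):
            continue
        zid = zone_id(zone["Id"])
        results[zid] = "PASS" if zid in logged else "FAIL"
    return results


def failing_zones(hosted_zones, logging_configs) -> list:
    """Sorted ids of public zones that need a query logging config."""
    return sorted(z for z, r in evaluate(hosted_zones, logging_configs).items() if r == "FAIL")


if __name__ == "__main__":
    for zid, status in evaluate(HOSTED_ZONES, QUERY_LOGGING_CONFIGS).items():
        print(f"{zid}: {status}")
    # Remediation for a FAIL with the AWS CLI (the CloudWatch Logs log group
    # must be in us-east-1 for Route 53 query logging):
    #   aws route53 create-query-logging-config --hosted-zone-id Z2222222222222 \
    #     --cloud-watch-logs-log-group-arn arn:aws:logs:us-east-1:123456789012:log-group:/aws/route53/example.net
```

Swapping the constructed lists for live API responses turns this into the same pass/fail evaluation the control performs.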

Compliance

NIST 800-53, PCI DSS v4.0.1, PCI DSS v10.4.2, ISO 27001, HIPAA