aws-observability / observability-best-practices

Observability best practices on AWS
https://aws-observability.github.io/observability-best-practices/
MIT No Attribution

Logs Insights Example Query - Route 53 Resolver Query Logs #14

Open capita07 opened 1 year ago

capita07 commented 1 year ago

NOTE: this is for [R53 Resolver Query Logs](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-query-logs.html), not for [Public DNS Query Logging](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/query-logs.html)

Top 10 DNS names queried

stats count(*) as numRequests by query_name
| sort numRequests desc
| limit 10

What is the purpose of this query?

Pulls the number of DNS queries per domain on a Resolver Query Logging configuration and lists the top 10 in descending order.

How do I use this query?

Use this query to find out what the most resolved domains are on the selected Route 53 Resolver Query Logging log group. Each Query Logging configuration could cover one or more VPCs in a region.

Top 10 talkers

stats count(*) as numRequests by srcaddr
| sort numRequests desc
| limit 10

What is the purpose of this query?

Pulls the top generators of DNS queries on Route 53 Resolver and lists the top 10 in descending order.

How do I use this query?

Use this query to find out who the top talkers (the clients doing the most queries) are on Route 53 Resolver. Each Query Logging configuration could cover one or more VPCs in a region.

Top queried DNS names per source IP

stats count(*) as numRequests by query_name, srcaddr
| sort numRequests desc
| limit 10

What is the purpose of this query?

Pulls the top queried DNS names and groups them by source IP, listing the top 10 in descending order.

How do I use this query?

Use this query to find out who the top talkers (the clients doing the most queries) are for the top queried domains on Route 53 Resolver. It can be useful to get an idea of which hosts are generating the most queries for the top-queried domains. Each Query Logging configuration could cover one or more VPCs in a region.

Top queried DNS names per source IP (DNS Firewall ALERT only)

# filter before stats: firewall_rule_action is a per-event field and is not
# present in the aggregated rows, so a filter placed after stats matches nothing
filter firewall_rule_action = "ALERT"
| stats count(*) as numRequests by query_name, srcaddr
| sort numRequests desc
| limit 10

What is the purpose of this query?

Pulls the top queried DNS names and groups them by source IP, but only for those domains being flagged as ALERT by the Route 53 DNS Firewall, listing the top 10 in descending order.

How do I use this query?

Use this query to find out who the top talkers (the clients doing the most queries) are for the top queried ALERT-flagged domains on Route 53 Resolver. It can be useful to get an idea of which hosts are generating the most queries for those domains being flagged as ALERT by the DNS Firewall. Each Query Logging configuration could cover one or more VPCs in a region.
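The following is an added example, not code from the issue above or from the observability-best-practices project: it runs the same four aggregations offline, in Python, over constructed Resolver query log events in the JSON shape that Resolver query logging writes to CloudWatch Logs (the field names query_name, srcaddr and firewall_rule_action are the real ones; the addresses, domains and counts are made up). It is useful for checking what a Logs Insights query should return before running it against a log group, and it also shows why the DNS Firewall filter has to come before stats: events that matched no firewall rule carry no firewall_rule_action field at all, and the aggregated rows never carry it, so filtering after aggregation returns nothing.

```python
"""Offline equivalents of the Logs Insights queries for Route 53 Resolver query logs.

Added example; the log events below are constructed, not captured from a real VPC.
"""
import json
from collections import Counter

# Constructed sample events. Only the fields the queries use are populated.
# firewall_rule_action appears only on events that matched a DNS Firewall rule,
# exactly as in real Resolver query logs.
SAMPLE_EVENTS = [json.dumps(e) for e in [
    {"query_name": "sts.amazonaws.com.", "query_type": "A", "rcode": "NOERROR", "srcaddr": "10.0.1.10"},
    {"query_name": "sts.amazonaws.com.", "query_type": "A", "rcode": "NOERROR", "srcaddr": "10.0.1.10"},
    {"query_name": "sts.amazonaws.com.", "query_type": "A", "rcode": "NOERROR", "srcaddr": "10.0.2.20"},
    {"query_name": "s3.amazonaws.com.", "query_type": "A", "rcode": "NOERROR", "srcaddr": "10.0.1.10"},
    {"query_name": "s3.amazonaws.com.", "query_type": "A", "rcode": "NOERROR", "srcaddr": "10.0.2.20"},
    {"query_name": "updates.example.net.", "query_type": "A", "rcode": "NOERROR", "srcaddr": "10.0.3.30"},
    {"query_name": "bad.example.org.", "query_type": "A", "rcode": "NOERROR", "srcaddr": "10.0.3.30",
     "firewall_rule_action": "ALERT"},
    {"query_name": "bad.example.org.", "query_type": "A", "rcode": "NOERROR", "srcaddr": "10.0.3.30",
     "firewall_rule_action": "ALERT"},
    {"query_name": "bad.example.org.", "query_type": "A", "rcode": "NOERROR", "srcaddr": "10.0.1.10",
     "firewall_rule_action": "ALERT"},
    {"query_name": "blocked.example.org.", "query_type": "A", "rcode": "NXDOMAIN", "srcaddr": "10.0.2.20",
     "firewall_rule_action": "BLOCK"},
    {"query_name": "sts.amazonaws.com.", "query_type": "AAAA", "rcode": "NOERROR", "srcaddr": "10.0.1.10"},
]]


def parse_events(raw_events):
    """Each CloudWatch Logs event message is one JSON object."""
    return [json.loads(line) for line in raw_events]


def stats_count_by(records, fields, limit=10):
    """Equivalent of: stats count(*) as numRequests by <fields> | sort numRequests desc | limit N.

    Ties are broken by the group key so results are deterministic; Logs Insights
    leaves the order of equal counts unspecified.
    """
    counts = Counter(tuple(r.get(f, "") for f in fields) for r in records)
    ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(*key, n) for key, n in ranked[:limit]]


def top_queried_names(records, limit=10):
    """Top 10 DNS names queried."""
    return stats_count_by(records, ["query_name"], limit)


def top_talkers(records, limit=10):
    """Top 10 talkers (clients issuing the most queries)."""
    return stats_count_by(records, ["srcaddr"], limit)


def top_names_per_source(records, limit=10):
    """Top queried DNS names per source IP."""
    return stats_count_by(records, ["query_name", "srcaddr"], limit)


def top_alerted_names_per_source(records, limit=10):
    """Same as above, restricted to events the DNS Firewall flagged as ALERT.

    The filter runs BEFORE aggregation because firewall_rule_action is a
    per-event field; stats only emits the group keys and numRequests.
    """
    alerted = [r for r in records if r.get("firewall_rule_action") == "ALERT"]
    return stats_count_by(alerted, ["query_name", "srcaddr"], limit)


def filter_after_stats(records, limit=10):
    """The mistaken ordering (stats, then filter): always returns an empty result.

    The aggregated rows carry only query_name, srcaddr and numRequests, so the
    firewall_rule_action comparison never matches.
    """
    rows = [{"query_name": q, "srcaddr": s, "numRequests": n}
            for q, s, n in stats_count_by(records, ["query_name", "srcaddr"], limit=None)]
    return [r for r in rows if r.get("firewall_rule_action") == "ALERT"][:limit]


if __name__ == "__main__":
    recs = parse_events(SAMPLE_EVENTS)
    print("top names      ", top_queried_names(recs))
    print("top talkers    ", top_talkers(recs))
    print("names per src  ", top_names_per_source(recs))
    print("ALERT per src  ", top_alerted_names_per_source(recs))
    print("filter after   ", filter_after_stats(recs))
```

To use it against real data, replace SAMPLE_EVENTS with the message strings returned by the CloudWatch Logs API for the Resolver query log group; the functions only rely on the documented field names and tolerate events where firewall_rule_action is absent.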