Monitoring hosted zones using Amazon CloudWatch
You can monitor your public hosted zones by using Amazon CloudWatch to collect and process raw data into readable, near real-time metrics. Metrics are available shortly after Route 53 receives the DNS queries that the metrics are based on. CloudWatch metric data for Route 53 hosted zones has a granularity of one minute.
For more information, see the following documentation
For an overview and information about how to view metrics in the Amazon CloudWatch console and how to retrieve metrics using the AWS Command Line Interface (AWS CLI), see Viewing DNS query metrics for a public hosted zone
For information about the retention period for metrics, see GetMetricStatistics in the Amazon CloudWatch API Reference.
For more information about CloudWatch, see What is Amazon CloudWatch? in the Amazon CloudWatch User Guide.
For more information about CloudWatch metrics, see Using Amazon CloudWatch metrics in the Amazon CloudWatch User Guide.
Topics
CloudWatch metric for Route 53 public hosted zones
The AWS/Route53
namespace includes the following metric for Route 53 hosted zones:
- DNSQueries
-
For all the records in a hosted zone, the number of DNS queries that Route 53 responds to in a specified time period.
Valid statistics: Sum, SampleCount
Units: Count
Region: Route 53 is a global service. To get hosted zone metrics, you must specify US East (N. Virginia) for the Region.
- DNSSECInternalFailure
-
Value is 1 if any object in the hosted zone is in an INTERNAL_FAILURE state. Otherwise, value is 0.
Valid statistics: N/A
Units: Count
Volume: 1 per hosted zone per day
Region: Route 53 is a global service. To get hosted zone metrics, you must specify US East (N. Virginia) for the Region.
- DNSSECKeySigningKeysNeedingAction
-
Number of key signing keys (KSKs) that have an ACTION_NEEDED state (due to KMS failure).
Valid statistics: Sum, SampleCount
Units: Count
Volume: 1 per hosted zone per day
Region: Route 53 is a global service. To get hosted zone metrics, you must specify US East (N. Virginia) for the Region.
- DNSSECKeySigningKeyMaxNeedingActionAge
-
Time elapsed since the key signing key (KSK) was set to the ACTION_NEEDED state.
Valid statistics: N/A
Units: Seconds
Volume: Up to 1 per hosted zone, per day
Region: Route 53 is a global service. To get hosted zone metrics, you must specify US East (N. Virginia) for the Region.
- DNSSECKeySigningKeyAge
-
The time elapsed since the key signing key (KSK) was created (not since it was activated).
Valid statistics: N/A
Units: Seconds
Volume: 1 per hosted zone, per day
Region: Route 53 is a global service. To get hosted zone metrics, you must specify US East (N. Virginia) for the Region.
CloudWatch dimension for Route 53 public hosted zone metrics
Route 53 metrics for hosted zones use the AWS/Route53
namespace and provide metrics for
HostedZoneId
. To get the number of DNS queries, you must specify the ID of the hosted zone in the
HostedZoneId
dimension.