# Example queries for Route 53 resolver query logs Amazon Route 53 resolver query logs track DNS queries made by resources within your Amazon VPC. Subscribers can query Route 53 resolver query logs to learn the following types of information: Here are some example queries for Route 53 reesolver query logs for AWS source version 2: **List of DNS queries from CloudTrail in the last 7 days** ``` SELECT time_dt, src_endpoint.instance_uid, src_endpoint.ip, src_endpoint.port, query.hostname, rcode FROM "amazon_security_lake_glue_db_us_east_1"."amazon_security_lake_table_us_east_1_route53_2_0" WHERE time_dt BETWEEN CURRENT_TIMESTAMP - INTERVAL '7' DAY AND CURRENT_TIMESTAMP ORDER BY time DESC LIMIT 25 ``` **List of DNS queries that match `s3.amazonaws.com` in the last 7 days** ``` SELECT time_dt, src_endpoint.instance_uid, src_endpoint.ip, src_endpoint.port, query.hostname, rcode, answers FROM "amazon_security_lake_glue_db_us_east_1"."amazon_security_lake_table_us_east_1_route53_2_0" WHERE query.hostname LIKE 's3.amazonaws.com.' and time_dt BETWEEN CURRENT_TIMESTAMP - INTERVAL '7' DAY AND CURRENT_TIMESTAMP ORDER BY time DESC LIMIT 25 ``` **List of DNS queries that didn't resolve in the last 7 days** ``` SELECT time_dt, src_endpoint.instance_uid, src_endpoint.ip, src_endpoint.port, query.hostname, rcode, answers FROM "amazon_security_lake_glue_db_us_east_1"."amazon_security_lake_table_us_east_1_route53_2_0" WHERE cardinality(answers) = 0 and time_dt BETWEEN CURRENT_TIMESTAMP - INTERVAL '7' DAY AND CURRENT_TIMESTAMP LIMIT 25 ``` **List of DNS queries that resolved to `192.0.2.1`** in the last 7 days ``` SELECT time_dt, src_endpoint.instance_uid, src_endpoint.ip, src_endpoint.port, query.hostname, rcode, answer.rdata FROM "amazon_security_lake_glue_db_us_east_1"."amazon_security_lake_table_us_east_1_route53_2_0", UNNEST(answers) as st(answer) WHERE answer.rdata='192.0.2.1' AND time_dt BETWEEN CURRENT_TIMESTAMP - INTERVAL '7' DAY AND CURRENT_TIMESTAMP LIMIT 25 ```