本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。 # Route 53 解析程式查詢日誌的範例查詢 Amazon Route 53 解析程式查詢日誌會追蹤 Amazon VPC 內資源所做的 DNS 查詢。訂閱者可以查詢 Route 53 解析程式查詢日誌,以了解下列類型的資訊: 以下是AWS來源版本 2 的 Route 53 reesolver 查詢日誌的一些範例查詢: **過去 7 天內來自 CloudTrail 的 DNS 查詢清單** ``` SELECT time_dt, src_endpoint.instance_uid, src_endpoint.ip, src_endpoint.port, query.hostname, rcode FROM "amazon_security_lake_glue_db_us_east_1"."amazon_security_lake_table_us_east_1_route53_2_0" WHERE time_dt BETWEEN CURRENT_TIMESTAMP - INTERVAL '7' DAY AND CURRENT_TIMESTAMP ORDER BY time DESC LIMIT 25 ``` **`s3.amazonaws.com`過去 7 天內符合的 DNS 查詢清單** ``` SELECT time_dt, src_endpoint.instance_uid, src_endpoint.ip, src_endpoint.port, query.hostname, rcode, answers FROM "amazon_security_lake_glue_db_us_east_1"."amazon_security_lake_table_us_east_1_route53_2_0" WHERE query.hostname LIKE 's3.amazonaws.com.' and time_dt BETWEEN CURRENT_TIMESTAMP - INTERVAL '7' DAY AND CURRENT_TIMESTAMP ORDER BY time DESC LIMIT 25 ``` **過去 7 天內未解析的 DNS 查詢清單** ``` SELECT time_dt, src_endpoint.instance_uid, src_endpoint.ip, src_endpoint.port, query.hostname, rcode, answers FROM "amazon_security_lake_glue_db_us_east_1"."amazon_security_lake_table_us_east_1_route53_2_0" WHERE cardinality(answers) = 0 and time_dt BETWEEN CURRENT_TIMESTAMP - INTERVAL '7' DAY AND CURRENT_TIMESTAMP LIMIT 25 ``` 在過去 7 天內**解析為 的 DNS 查詢清單 `192.0.2.1`** ``` SELECT time_dt, src_endpoint.instance_uid, src_endpoint.ip, src_endpoint.port, query.hostname, rcode, answer.rdata FROM "amazon_security_lake_glue_db_us_east_1"."amazon_security_lake_table_us_east_1_route53_2_0", UNNEST(answers) as st(answer) WHERE answer.rdata='192.0.2.1' AND time_dt BETWEEN CURRENT_TIMESTAMP - INTERVAL '7' DAY AND CURRENT_TIMESTAMP LIMIT 25 ```