Updated on 2025-03-28 GMT+08:00

DNS Logs

Domain Name System (DNS) is an Internet service. It functions as a distributed database that maps domain names to IP addresses, facilitating more convenient access to online resources. When you enter a domain name in a browser, the DNS resolves the domain name to the corresponding IP address so that the computer can find the correct server and obtain the required information.

DNS logs record activities related to the DNS. They contain information about domain name resolution requests, responses, and possible errors. By analyzing DNS logs, you can learn how domain names are being resolved on your network, locate network problems, monitor network activity, and perform security analysis.

The DNS supports multiple record types, each storing a different kind of information. The most common record types are as follows:

  • A record: maps a domain name to an IPv4 address.
  • AAAA record: maps a domain name to an IPv6 address.
  • CNAME record: maps a domain name to another domain name.
  • MX record: specifies the IP address and priority of a mail server.
  • NS record: specifies the DNS server that resolves a domain name.
  • SOA record: contains information about the DNS zone, such as the email address of the zone administrator and the serial number of the zone.

Collection Method

Install ICAgent and configure ECS text log ingestion by referring to Installing ICAgent (Intra-Region Hosts) and Ingesting ECS Text Logs to LTS. Then, ICAgent will collect ECS text logs and report them to LTS.

DNS Log Examples and Fields

Log example: 2023-07-10 14:30:25 INFO client 192.168.2.50 query: example.org IN A

Log description: At 14:30:25 on July 10, 2023, the client with the IP address 192.168.2.50 initiated an A record query for example.org.

Field description:

  • 2023-07-10 14:30:25: indicates the time when the event occurred.
  • client 192.168.2.50: indicates the IP address of the client that initiated the query.
  • query: indicates a query operation.
  • example.org: indicates the domain name to be queried.
  • IN A: indicates that an A record (IPv4 address record) is queried.
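
The following Python code is an added example, not part of the original documentation or of LTS. It parses lines in the layout of the log example above into the listed fields, rejects lines that do not fit, and counts queries per client and record type. The names `LINE_RE`, `parse_line`, and `summarize` are assumptions, and the pattern is derived only from the single example line, so logs from your resolver may need a different pattern.

```python
import re
from collections import Counter
from datetime import datetime
from ipaddress import ip_address

# Layout shown above: <date> <time> <level> client <ip> query: <domain> <class> <type>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<level>[A-Z]+) "
    r"client (?P<client>\S+) query: (?P<domain>\S+) "
    r"(?P<qclass>[A-Z]+) (?P<qtype>[A-Z0-9]+)$"
)

def parse_line(line):
    """Return the fields of one log line, or None if it does not fit the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        client = str(ip_address(m["client"]))  # rejects malformed addresses
    except ValueError:
        return None
    # DNS names are case-insensitive; normalise so counts are not split.
    domain = m["domain"].rstrip(".").lower()
    return {"time": ts, "level": m["level"], "client": client,
            "domain": domain, "class": m["qclass"], "type": m["qtype"]}

def summarize(lines):
    """Count queries per (client, record type) and keep lines that failed to parse."""
    counts, rejected = Counter(), []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            rejected.append(line)
        else:
            counts[(rec["client"], rec["type"])] += 1
    return counts, rejected

# Constructed sample: line 1 is the example from this page, the rest are made up.
SAMPLE = [
    "2023-07-10 14:30:25 INFO client 192.168.2.50 query: example.org IN A",
    "2023-07-10 14:30:26 INFO client 192.168.2.50 query: Example.ORG. IN AAAA",
    "2023-07-10 14:30:27 INFO client 192.168.2.51 query: example.org IN MX",
    "2023-07-10 14:30:28 INFO client 999.1.1.1 query: example.org IN A",
    "truncated line without fields",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Keeping the rejected lines rather than silently dropping them makes it visible when the log format has changed or when entries are malformed.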