How do I recover deleted DNS records from my Route 53 hosted zone?

2 minute read
0

I want to recover deleted DNS records from my Amazon Route 53 hosted zone.

Resolution

Check your CloudTrail event history

1.    Open the AWS CloudTrail console. Be sure that you're in the N. Virginia Region. Route 53 DNS service API calls are logged in this Region only.

2.    In the navigation pane, choose Event history.

3.    Choose the Event name filter.

4.    Enter the event name as ChangeResourceRecordSets.

You can now view all events that are logged when a DNS record is created, changed, or deleted. An event is in JSON format and provides information such as name, type, and TTL. To narrow your search, you can use the time filter.

Note: Different record types have different JSON syntax. For more information, see change-resource-record-sets.

Download CloudTrail events

If you're not sure when the DNS record was deleted, then you can download all events and filter the results using the DELETE action:

1.    Choose Download events.

2.    Choose Download as JSON.

3.    Search for the DELETE keyword, and then review the details about the deleted DNS record.

View CloudTrail events using the AWS CLI

Note: If you receive errors when running AWS Command Line Interface (AWS CLI) commands, make sure that you’re using the most recent AWS CLI version.

Use the lookup-events command to view the CloudTrail event history for the DELETE action:

aws cloudtrail lookup-events --lookup-attributes AttributeKey=EventName,AttributeValue=ChangeResourceRecordSets --region us-east-1 | grep "DELETE"

Use the details about the deleted DNS record to create the record in the desired Route 53 hosted zone.

Note: You can view event history for only the past 90 days. To view CloudTrail logs that are older than 90 days, create a trail. Then, send the logs to an Amazon Simple Storage Service (Amazon S3) bucket or to Amazon CloudWatch Logs. Note that it can take up to 15 minutes for events to be logged in CloudTrail.

AWS OFFICIAL
AWS OFFICIALUpdated a year ago