Private DNS Logging

You can use the Oracle Cloud Infrastructure Logging service to enable logging of private DNS resolvers.

Logs provide detailed private DNS query/response activity, letting you more easily troubleshoot, monitor and analyze private DNS resolver functionality.

Note

A private DNS log entry isn't written for responses answered from cache. However, when the TTL expires for a cached entry, the next lookup for that name results in a DNS log entry. This is done for performance reasons, to avoid excessive logging when names have already been resolved by DNS.
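
The effect of this rule on what an analyst sees in the logs, as an added example that is not Oracle's code: a simplified model that decides which client lookups would produce a log entry. Assumptions: one resolver cache keyed by name only, a fixed TTL per answer, and an entry counting as expired at exactly its TTL; the names and timings are constructed sample data.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Lookup:
    ts: int    # seconds since the start of the capture
    name: str  # queried name
    ttl: int   # TTL of the answer, in seconds (assumed fixed per name)


def logged_lookups(lookups):
    """Return the lookups that would be logged: those not answered from cache."""
    expires = {}  # name -> time at which the cached answer expires
    logged = []
    for q in sorted(lookups, key=lambda q: q.ts):
        expiry = expires.get(q.name)
        if expiry is not None and q.ts < expiry:
            continue  # answered from cache, so no log entry is written
        expires[q.name] = q.ts + q.ttl  # resolved again and cached again
        logged.append(q)
    return logged


def logged_intervals(lookups, name):
    """Gaps in seconds between consecutive logged lookups for one name."""
    ts = [q.ts for q in logged_lookups(lookups) if q.name == name]
    return [b - a for a, b in zip(ts, ts[1:])]


# Constructed sample: one client resolves app.internal.example every 25 s
# for five minutes (TTL 60 s), and db.internal.example twice (TTL 300 s).
SAMPLE = [Lookup(t, "app.internal.example", 60) for t in range(0, 301, 25)]
SAMPLE += [Lookup(10, "db.internal.example", 300),
           Lookup(200, "db.internal.example", 300)]

if __name__ == "__main__":
    logged = logged_lookups(SAMPLE)
    print(f"{len(SAMPLE)} lookups made, {len(logged)} logged")
    for q in logged:
        print(f"t={q.ts:>3}s  {q.name}")
    print("app intervals:", logged_intervals(SAMPLE, "app.internal.example"))
```

In this model the log shows a 75-second interval for a client that actually queries every 25 seconds, so log counts are a lower bound on lookups and timing-based analysis of the logs cannot resolve intervals shorter than the record's TTL.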

Before you start using Oracle Cloud Infrastructure Logging:

  • Get familiar with basic concepts and terminology used in the OCI Logging service. See Logging Overview in the OCI Logging documentation.

  • Be aware that Logging is only available for private DNS within a virtual cloud network (VCN) and not for Public DNS. See Details for Private DNS Resolver Logs for more about the contents of these logs.
  • Create a group to manage access to log groups and log content. See Creating a Group in the OCI IAM with Identity Domains documentation.

  • Add the policy to enable management of logging on private DNS resolvers.

    Replace <group-name> with the group or specific user you want to grant permissions to. Replace <compartment-name> with the compartment that the private DNS resolver resides in.

    Allow group <group-name> to use dns-resolvers in compartment <compartment-name>
  • Add the policies to let you create log groups and log content in OCI Logging. Replace <group-name> with the group or specific user you want to grant permissions to. Replace <compartment-name> with the compartment that the log group or content resides in.

    allow group <group-name> to manage log-groups in compartment <compartment-name>
    allow group <group-name> to manage log-content in compartment <compartment-name>

Enabling and viewing logs

These instructions describe how to enable and view private DNS resolver logs directly from the VCN details page. For instructions about working with logs from the Logging service, see Enabling Logging for a Resource and Getting a Log's Details.