How to check for domain activity before decommissioning
Overview
Before fully decommissioning a domain, it’s important to confirm that the domain has been inactive for a period of time.
To do this, it is possible to create a graphed view of DNS queries for a particular domain using CloudWatch in AWS.
Finding the ID of the Domain in Question
Before creating a graphed view, we first need to identify the Hosted Zone ID of the domain in question.
We will be using ‘prisons-service.com’ as an example here.
- Navigate to Route53, select the ‘Hosted Zones’ page in the navigation pane and search for the domain to be decommissioned:
- On the right hand side of the results, you will notice the Hosted Zone ID - copy this value.
Creating a Graphed View of the Data in CloudWatch
Now we have the Hosted Zone ID, we can check for DNS query activity on that particular domain.
- Navigate to CloudWatch on AWS.
- In the navigation pane, select Metrics -> All Metrics and then select the Route53 tile:
- From here we can continue to the Hosted Zone Metrics page and paste the Hosted Zone ID we previously copied.
- Once the zone has been isolated, we just need to select the checkbox on the left to create our initial view of the data:
Tweaking the Graph for a Better View
Now we have our initial view of the data, we can navigate to the Graphed View tab and tweak the settings for a more informative view. I’d recommend the following settings:
- Timespan = 3 Months
- View = Stacked Area
- Statistic = Sum
- Period = 6 Hours
You should end up with something like this:
These settings are personal preference - the important part is being able to determine that the domain hasn’t been hit for an extended period of time.
The general rule here is that if the domain has been inactive for 1 month, it should be safe to continue with the decommissioning process.