Skip to main content

How to check for domain activity before decommissioning

Overview

Before fully decommissioning a domain, it’s important to confirm that the domain has been inactive for a period of time.

To do this, it is possible to create a graphed view of DNS queries for a particular domain using CloudWatch in AWS.

Finding the ID of the Domain in Question

Before creating a graphed view, we first need to identify the Hosted Zone ID of the domain in question.

We will be using ‘prisons-service.com’ as an example here.

  1. Navigate to Route53, select the ‘Hosted Zones’ page in the navigation pane and search for the domain to be decommissioned:

Search Hosted Zone

  1. On the right hand side of the results, you will notice the Hosted Zone ID - copy this value.

Creating a Graphed View of the Data in CloudWatch

Now we have the Hosted Zone ID, we can check for DNS query activity on that particular domain.

  1. Navigate to CloudWatch on AWS.
  2. In the navigation pane, select Metrics -> All Metrics and then select the Route53 tile:

Isolate the Domain in CloudWatch

  1. From here we can continue to the Hosted Zone Metrics page and paste the Hosted Zone ID we previously copied.
  2. Once the zone has been isolated, we just need to select the checkbox on the left to create our initial view of the data:

Create Initial Graph

Tweaking the Graph for a Better View

Now we have our initial view of the data, we can navigate to the Graphed View tab and tweak the settings for a more informative view. I’d recommend the following settings:

  • Timespan = 3 Months
  • View = Stacked Area
  • Statistic = Sum
  • Period = 6 Hours

You should end up with something like this:

Create Initial Graph

These settings are personal preference - the important part is being able to determine that the domain hasn’t been hit for an extended period of time.

The general rule here is that if the domain has been inactive for 1 month, it should be safe to continue with the decommissioning process.

This page was last reviewed on 5 November 2024. It needs to be reviewed again on 5 February 2025 by the page owner #operations-engineering-alerts .