https://aws.amazon.com/premiumsupport/knowledge-center/route-53-recover-dns-record/
Last updated: 2021-04-29
I accidentally deleted DNS records from my Amazon Route 53 hosted zone. How do I recover them?
Short description
For information about deleted DNS records, check your AWS CloudTrail event history for the ChangeResourceRecordSets API call.
Resolution
Note: If you receive errors when running AWS Command Line Interface (AWS CLI) commands, make sure that you’re using the most recent AWS CLI version.
Check your CloudTrail event history
1. Open the CloudTrail console. Be sure that you’re in the N. Virginia Region. Route 53 DNS service API calls are logged in this Region only.
2. In the navigation pane, choose Event History.
3. Choose the Event name filter.
4. Enter the event name as ChangeResourceRecordSets.
You can now view all the events that are logged when a DNS record is created, changed, or deleted. An event is in JSON format, and provides information such as name, type, and TTL about the deleted record. To narrow your search, you can use the time filter.
Note: Different record types have different JSON syntax. For more information, see change-resource-record-sets.
Download CloudTrail events
If you’re not sure when the DNS record was deleted, you can download all events and filter the results using the DELETE action:
1. Choose Download events.
2. Choose Download as JSON.
3. Search for the DELETE keyword, and then review the details about the deleted DNS record.
View CloudTrail events using the AWS CLI
Use the lookup-events command to view the CloudTrail event history for the DELETE action:
aws cloudtrail lookup-events --lookup-attributes AttributeKey=EventName,AttributeValue=ChangeResourceRecordSets --region us-east-1 | grep "DELETE"When you have these details about the deleted DNS record, create the DNS record in the desired Route 53 hosted zone.
Note: You can view event history for only the past 90 days. To view CloudTrail logs that are older than 90 days, create a trail. Then, send the logs to an Amazon Simple Storage Service (Amazon S3) bucket or CloudWatch logs. Be aware that it can take about 15 minutes for events to be logged in CloudTrail.