This topic describes how to enable resolution logs and forward them to Alibaba Cloud Simple Log Service (SLS). This enables long-term storage, multi-dimensional analysis, and auditing of your logs.
Configure permissions for a RAM user
By default, Resource Access Management (RAM) users do not have the permissions to enable resolution logs. The parent Alibaba Cloud account must grant the required permissions to the RAM user.
Grant permissions
Log on to the RAM console. In the navigation pane on the left, choose Identity > Users. Find the RAM user.
Click Add Permissions and grant the following permissions:
AliyunHTTPDNSFullAccess (full permissions for HTTPDNS)
AliyunLogFullAccess (full permissions for Simple Log Service)
AliyunRAMFullAccess (for role authorization operations)
After you save the settings, the RAM user can enable resolution logs.
Go to the Resolution Logs page
Log on to the EMAS console.
Select the HTTPDNS product. In the navigation pane on the left, choose Operation Center > Resolution Logs.
Activate and enable resolution logs
Step 1: Activate Simple Log Service (SLS)
If Simple Log Service is not activated for your Alibaba Cloud account, you must activate it before you can use the resolution logs feature.
On the Resolution Logs page, click Activate Now. On the Simple Log Service page that appears, read and select the Terms of Service, and then click Activate Now. After you activate Simple Log Service, return to the Resolution Logs tab.
If Simple Log Service is already activated for your Alibaba Cloud account, skip this step.
Step 2: Grant role authorization
If you have not granted role authorization, you must do so before you can use the resolution logs feature.
On the Resolution Logs page, if you have not granted authorization, a prompt for role authorization appears. Click Authorize in the prompt. You are redirected to the quick authorization page of RAM. On this page, verify the authorization information and click Confirm Authorization.
If you have already granted role authorization for your Alibaba Cloud account, skip this step.
Step 3: Enable resolution logs
On the Resolution Logs page, click Enable Delivery and confirm the action in the dialog box that appears.
After you enable this feature, HTTPDNS resolution logs are stored in Simple Log Service, where you can view and analyze the data. Simple Log Service is a paid service. For more information, see Billing items for the pay-by-feature billing method.
View forwarded logs
After you enable this feature, the system collects and forwards resolution logs to SLS in real time. You can view the log details in the console.
Field | Description | Example |
status | The request status. | |
error_code | The request error code. | |
http_scheme | The protocol type. This identifies the HTTPDNS request protocol used, such as | |
domain | The destination domain name of the resolution request. | |
client_ip | The client IP address that is passed to the authoritative DNS server. By default, this is the public IP address of the client device. | |
ips | The list of IP addresses returned by HTTPDNS. Multiple IP addresses are separated by commas. | |
cost | The time taken by the server to process the resolution request. | |
encryption | The content encryption method used for the resolution request parameters (not transport-layer encryption such as HTTPS). | |
os | The client operating system, such as | |
query | The DNS query type. Common types include | |
remote_ip | The public IP address of the request as seen by the HTTPDNS server. | |
sdk_version | The HTTPDNS SDK version number. For requests not made using the SDK, the value of sdk_version is | |
sid | The session ID of the SDK. It is regenerated each time the application restarts. For requests not made using the SDK, the value of sid is | |
signed | Indicates whether signature verification was performed on the request. | |
time | The time when the server finished processing the request. | |
account_id | The ID of the account used to access HTTPDNS. | |
user_agent | The User-Agent identifier of the client. | |
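The fields above lend themselves to a simple audit pass once records are exported from SLS. The following is an added example, not part of the original documentation: it runs three checks over constructed records keyed by the documented field names. The dict record shape and the "true"/"false" encoding of signed are assumptions, because the page does not show sample values.

```python
import ipaddress

# Address ranges that should not normally appear in a public resolution answer.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample records (documentation IP ranges, example.com domains).
# Assumption: "signed" is the string "true" or "false".
SAMPLE_LOGS = [
    {"domain": "api.example.com", "client_ip": "203.0.113.10",
     "remote_ip": "203.0.113.10", "ips": "198.51.100.7,198.51.100.8", "signed": "true"},
    {"domain": "api.example.com", "client_ip": "192.0.2.55",
     "remote_ip": "203.0.113.99", "ips": "198.51.100.7", "signed": "false"},
    {"domain": "cdn.example.com", "client_ip": "203.0.113.10",
     "remote_ip": "203.0.113.10", "ips": "10.0.0.5,198.51.100.9", "signed": "true"},
    {"domain": "cdn.example.com", "client_ip": "203.0.113.10",
     "remote_ip": "203.0.113.10", "ips": "", "signed": "true"},
]

def parse_ips(field):
    """Split the comma-separated ips field, skipping empty or malformed entries."""
    answers = []
    for part in field.split(","):
        part = part.strip()
        if not part:
            continue
        try:
            answers.append(ipaddress.ip_address(part))
        except ValueError:
            continue  # malformed entry: ignore rather than abort the audit
    return answers

def audit(records):
    """Return (record_index, domain, finding) tuples for records worth reviewing."""
    findings = []
    for n, rec in enumerate(records):
        answers = parse_ips(rec.get("ips", ""))
        # Answer points at an internal range: misconfigured or tampered record.
        if any(ip in net for ip in answers for net in INTERNAL_NETS):
            findings.append((n, rec["domain"], "internal_address_in_answer"))
        # client_ip is not the default (the address the server saw the request from).
        if rec.get("client_ip") != rec.get("remote_ip"):
            findings.append((n, rec["domain"], "client_ip_differs_from_remote_ip"))
        # Request was accepted without signature verification.
        if rec.get("signed", "").lower() != "true":
            findings.append((n, rec["domain"], "unsigned_request"))
    return findings
```

Calling audit(SAMPLE_LOGS) flags the second and third constructed records and leaves the first and last untouched.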
Disable resolution logs
To disable resolution logging, click the Close button.

A confirmation dialog box appears. Click Confirm to disable the feature.

FAQ
The interface prompts "Logstore index not enabled"
Cause: When a project is created for the first time, a delay in index initialization can occur. This is expected behavior.
Solution: Wait a few minutes and then refresh the page. No manual intervention is required.
project xxx has been forbidden
Cause: The corresponding log project has been deleted and moved to the recycle bin.
Solution: Log on to the Simple Log Service console. Go to the recycle bin, find the deleted project, and click Recover.
Project does not exist

Cause: The project configuration is invalid or the project was not created successfully.
Solution: On the Resolution Logs page, click Close and then enable the feature again.