diff --git a/.changelog/6605.txt b/.changelog/6605.txt
new file mode 100644
index 0000000000..31d87f33d2
--- /dev/null
+++ b/.changelog/6605.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+dns: Added general field `cloud_logging_config` to `google_dns_managed_zone`
+```
diff --git a/google/resource_dns_managed_zone.go b/google/resource_dns_managed_zone.go
index 50c2c3a44a..3a676e30c8 100644
--- a/google/resource_dns_managed_zone.go
+++ b/google/resource_dns_managed_zone.go
@@ -57,6 +57,22 @@ func resourceDNSManagedZone() *schema.Resource {
 				Description: `User assigned name for this resource.
 Must be unique within the project.`,
 			},
+			"cloud_logging_config": {
+				Type:        schema.TypeList,
+				Computed:    true,
+				Optional:    true,
+				Description: `Cloud logging configuration`,
+				MaxItems:    1,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"enable_logging": {
+							Type:        schema.TypeBool,
+							Required:    true,
+							Description: `If set, enable query logging for this ManagedZone. False by default, making logging opt-in.`,
+						},
+					},
+				},
+			},
 			"description": {
 				Type:        schema.TypeString,
 				Optional:    true,
@@ -378,6 +394,12 @@ func resourceDNSManagedZoneCreate(d *schema.ResourceData, meta interface{}) erro
 	} else if v, ok := d.GetOkExists("peering_config"); !isEmptyValue(reflect.ValueOf(peeringConfigProp)) && (ok || !reflect.DeepEqual(v, peeringConfigProp)) {
 		obj["peeringConfig"] = peeringConfigProp
 	}
+	cloudLoggingConfigProp, err := expandDNSManagedZoneCloudLoggingConfig(d.Get("cloud_logging_config"), d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("cloud_logging_config"); !isEmptyValue(reflect.ValueOf(cloudLoggingConfigProp)) && (ok || !reflect.DeepEqual(v, cloudLoggingConfigProp)) {
+		obj["cloudLoggingConfig"] = cloudLoggingConfigProp
+	}
 
 	url, err := replaceVars(d, config, "{{DNSBasePath}}projects/{{project}}/managedZones")
 	if err != nil {
@@ -491,6 +513,9 @@ func resourceDNSManagedZoneRead(d *schema.ResourceData, meta interface{}) error
 	if err := d.Set("peering_config", flattenDNSManagedZonePeeringConfig(res["peeringConfig"], d, config)); err != nil {
 		return fmt.Errorf("Error reading ManagedZone: %s", err)
 	}
+	if err := d.Set("cloud_logging_config", flattenDNSManagedZoneCloudLoggingConfig(res["cloudLoggingConfig"], d, config)); err != nil {
+		return fmt.Errorf("Error reading ManagedZone: %s", err)
+	}
 
 	return nil
 }
@@ -565,6 +590,12 @@ func resourceDNSManagedZoneUpdate(d *schema.ResourceData, meta interface{}) erro
 	} else if v, ok := d.GetOkExists("peering_config"); !isEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, peeringConfigProp)) {
 		obj["peeringConfig"] = peeringConfigProp
 	}
+	cloudLoggingConfigProp, err := expandDNSManagedZoneCloudLoggingConfig(d.Get("cloud_logging_config"), d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("cloud_logging_config"); !isEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, cloudLoggingConfigProp)) {
+		obj["cloudLoggingConfig"] = cloudLoggingConfigProp
+	}
 
 	obj, err = resourceDNSManagedZoneUpdateEncoder(d, meta, obj)
 	if err != nil {
@@ -980,6 +1011,23 @@ func flattenDNSManagedZonePeeringConfigTargetNetworkNetworkUrl(v interface{}, d
 	return v
 }
 
+func flattenDNSManagedZoneCloudLoggingConfig(v interface{}, d *schema.ResourceData, config *Config) interface{} {
+	if v == nil {
+		return nil
+	}
+	original := v.(map[string]interface{})
+	if len(original) == 0 {
+		return nil
+	}
+	transformed := make(map[string]interface{})
+	transformed["enable_logging"] =
+		flattenDNSManagedZoneCloudLoggingConfigEnableLogging(original["enableLogging"], d, config)
+	return []interface{}{transformed}
+}
+func flattenDNSManagedZoneCloudLoggingConfigEnableLogging(v interface{}, d *schema.ResourceData, config *Config) interface{} {
+	return v
+}
+
 func expandDNSManagedZoneDescription(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
 	return v, nil
 }
@@ -1285,6 +1333,29 @@ func expandDNSManagedZonePeeringConfigTargetNetworkNetworkUrl(v interface{}, d T
 	return ConvertSelfLinkToV1(url), nil
 }
 
+func expandDNSManagedZoneCloudLoggingConfig(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
+	l := v.([]interface{})
+	if len(l) == 0 || l[0] == nil {
+		return nil, nil
+	}
+	raw := l[0]
+	original := raw.(map[string]interface{})
+	transformed := make(map[string]interface{})
+
+	transformedEnableLogging, err := expandDNSManagedZoneCloudLoggingConfigEnableLogging(original["enable_logging"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedEnableLogging); val.IsValid() && !isEmptyValue(val) {
+		transformed["enableLogging"] = transformedEnableLogging
+	}
+
+	return transformed, nil
+}
+
+func expandDNSManagedZoneCloudLoggingConfigEnableLogging(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
+	return v, nil
+}
+
 func resourceDNSManagedZoneUpdateEncoder(d *schema.ResourceData, meta interface{}, obj map[string]interface{}) (map[string]interface{}, error) {
 	// The upstream update method (https://cloud.google.com/dns/docs/reference/v1/managedZones/update)
 	// requires the full ManagedZones object, therefore, we need to keep some input only values in the struct
diff --git a/google/resource_dns_managed_zone_generated_test.go b/google/resource_dns_managed_zone_generated_test.go
index 1f88f1ee86..f2a6a6aec6 100644
--- a/google/resource_dns_managed_zone_generated_test.go
+++ b/google/resource_dns_managed_zone_generated_test.go
@@ -311,6 +311,47 @@ resource "google_compute_network" "network-target" {
 `, context)
 }
 
+func TestAccDNSManagedZone_dnsManagedZoneCloudLoggingExample(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix": randString(t, 10),
+	}
+
+	vcrTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckDNSManagedZoneDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDNSManagedZone_dnsManagedZoneCloudLoggingExample(context),
+			},
+			{
+				ResourceName:      "google_dns_managed_zone.cloud-logging-enabled-zone",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func testAccDNSManagedZone_dnsManagedZoneCloudLoggingExample(context map[string]interface{}) string {
+	return Nprintf(`
+resource "google_dns_managed_zone" "cloud-logging-enabled-zone" {
+  name        = "tf-test-cloud-logging-enabled-zone%{random_suffix}"
+  dns_name    = "services.example.com."
+  description = "Example cloud logging enabled DNS zone"
+  labels = {
+    foo = "bar"
+  }
+
+  cloud_logging_config {
+    enable_logging = true
+  }
+}
+`, context)
+}
+
 func testAccCheckDNSManagedZoneDestroyProducer(t *testing.T) func(s *terraform.State) error {
 	return func(s *terraform.State) error {
 		for name, rs := range s.RootModule().Resources {
diff --git a/google/resource_dns_managed_zone_test.go b/google/resource_dns_managed_zone_test.go
index 7b6ff93b7b..20f478d79a 100644
--- a/google/resource_dns_managed_zone_test.go
+++ b/google/resource_dns_managed_zone_test.go
@@ -151,6 +151,44 @@ func TestAccDNSManagedZone_privateForwardingUpdate(t *testing.T) {
 	})
 }
 
+func TestAccDNSManagedZone_cloudLoggingConfigUpdate(t *testing.T) {
+	t.Parallel()
+
+	zoneSuffix := randString(t, 10)
+
+	vcrTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckDNSManagedZoneDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDnsManagedZone_cloudLoggingConfig_basic(zoneSuffix),
+			},
+			{
+				ResourceName:      "google_dns_managed_zone.foobar",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			{
+				Config: testAccDnsManagedZone_cloudLoggingConfig_update(zoneSuffix, true),
+			},
+			{
+				ResourceName:      "google_dns_managed_zone.foobar",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			{
+				Config: testAccDnsManagedZone_cloudLoggingConfig_update(zoneSuffix, false),
+			},
+			{
+				ResourceName:      "google_dns_managed_zone.foobar",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
 func TestAccDNSManagedZone_forceDestroy(t *testing.T) {
 	//t.Parallel()
 
@@ -379,6 +417,36 @@ resource "google_compute_network" "network-1" {
 `, suffix, first_nameserver, first_forwarding_path, second_nameserver, second_forwarding_path, suffix)
 }
 
+func testAccDnsManagedZone_cloudLoggingConfig_basic(suffix string) string {
+	return fmt.Sprintf(`
+resource "google_dns_managed_zone" "foobar" {
+  name        = "mzone-test-%s"
+  dns_name    = "tf-acctest-%s.hashicorptest.com."
+  description = "Example DNS zone"
+  labels = {
+    foo = "bar"
+  }
+}
+`, suffix, suffix)
+}
+
+func testAccDnsManagedZone_cloudLoggingConfig_update(suffix string, enableCloudLogging bool) string {
+	return fmt.Sprintf(`
+resource "google_dns_managed_zone" "foobar" {
+  name        = "mzone-test-%s"
+  dns_name    = "tf-acctest-%s.hashicorptest.com."
+  description = "Example DNS zone"
+  labels = {
+    foo = "bar"
+  }
+
+  cloud_logging_config {
+    enable_logging = %t
+  }
+}
+`, suffix, suffix, enableCloudLogging)
+}
+
 func TestDnsManagedZoneImport_parseImportId(t *testing.T) {
 	zoneRegexes := []string{
 		"projects/(?P<project>[^/]+)/managedZones/(?P<name>[^/]+)",
diff --git a/website/docs/r/dns_managed_zone.html.markdown b/website/docs/r/dns_managed_zone.html.markdown
index ea6e76122e..f24a657fae 100644
--- a/website/docs/r/dns_managed_zone.html.markdown
+++ b/website/docs/r/dns_managed_zone.html.markdown
@@ -214,6 +214,28 @@ resource "google_compute_network" "network" {
   auto_create_subnetworks = false
 }
 ```
+<div class = "oics-button" style="float: right; margin: 0 0 -15px">
+  <a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=dns_managed_zone_cloud_logging&cloudshell_image=gcr.io%2Fgraphite-cloud-shell-images%2Fterraform%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
+    <img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
+  </a>
+</div>
+## Example Usage - Dns Managed Zone Cloud Logging
+
+
+```hcl
+resource "google_dns_managed_zone" "cloud-logging-enabled-zone" {
+  name        = "cloud-logging-enabled-zone"
+  dns_name    = "services.example.com."
+  description = "Example cloud logging enabled DNS zone"
+  labels = {
+    foo = "bar"
+  }
+
+  cloud_logging_config {
+    enable_logging = true
+  }
+}
+```
 
 ## Argument Reference
 
@@ -283,6 +305,11 @@ The following arguments are supported:
   The presence of this field indicates that this zone is backed by Service Directory. The value of this field contains information related to the namespace associated with the zone.
   Structure is [documented below](#nested_service_directory_config).
 
+* `cloud_logging_config` -
+  (Optional)
+  Cloud logging configuration
+  Structure is [documented below](#nested_cloud_logging_config).
+
 * `project` - (Optional) The ID of the project in which the resource belongs.
     If it is not provided, the provider project is used.
 
@@ -416,6 +443,12 @@ The following arguments are supported:
   or simply `projects/{project}/locations/{location}/namespaces/{namespace_id}`
   Ignored for `public` visibility zones.
 
+<a name="nested_cloud_logging_config"></a>The `cloud_logging_config` block supports:
+
+* `enable_logging` -
+  (Required)
+  If set, enable query logging for this ManagedZone. False by default, making logging opt-in.
+
 ## Attributes Reference
 
 In addition to the arguments listed above, the following computed attributes are exported: