教程:在 Azure DNS 中托管域Tutorial: Host your domain in Azure DNS

可以使用 Azure DNS 来托管 DNS 域并管理 DNS 记录。You can use Azure DNS to host your DNS domain and manage your DNS records. 通过在 Azure 中托管域,可以使用与其他 Azure 服务相同的凭据、API、工具和计费来管理 DNS 记录。By hosting your domains in Azure, you can manage your DNS records by using the same credentials, APIs, tools, and billing as your other Azure services.

例如,假设你从某个域名注册机构购买了域 contoso.net,然后在 Azure DNS 中创建了名为 contoso.net 的区域。Suppose you buy the domain contoso.net from a domain name registrar and then create a zone with the name contoso.net in Azure DNS. 由于你是域的所有者,因此,注册机构将为你提供选项来配置域的名称服务器 (NS) 记录。Because you're the owner of the domain, your registrar offers you the option to configure the name server (NS) records for your domain. 注册机构将这些 NS 记录存储在 .net 父区域中。The registrar stores the NS records in the .net parent zone. 然后,世界各地的 Internet 用户在尝试解析 contoso.net 中的 DNS 记录时,会被定向到 Azure DNS 区域中的域。Internet users around the world are then directed to your domain in your Azure DNS zone when they try to resolve DNS records in contoso.net.

在本教程中,你将了解如何执行以下操作:In this tutorial, you learn how to:

  • 创建 DNS 区域。Create a DNS zone.
  • 检索名称服务器的列表。Retrieve a list of name servers.
  • 委托域。Delegate the domain.
  • 验证委托是否正常工作。Verify the delegation is working.

如果没有 Azure 订阅,可在开始前创建一个 试用帐户If you don't have an Azure subscription, create a trial account before you begin.


必须有一个可以用来测试的域名,可以在 Azure DNS 中托管该域名。You must have a domain name available to test with that you can host in Azure DNS . 必须能够完全控制此域。You must have full control of this domain. 完全控制包括能够为域设置名称服务器 (NS) 记录。Full control includes the ability to set the name server (NS) records for the domain.

本教程中使用的示例域为 contoso.net,但请使用自己的域名。The example domain used for this tutorial is contoso.net, but use your own domain name.

创建 DNS 区域Create a DNS zone

  1. 转到 Azure 门户网站以创建 DNS 区域。Go to the Azure portal to create a DNS zone. 搜索并选择“DNS 区域” 。Search for and select DNS zones.

    DNS 区域

  2. 选择“创建 DNS 区域” 。Select Create DNS zone.

  3. 在“创建 DNS 区域”页上输入以下值,然后选择“创建”: On the Create DNS zone page, enter the following values, and then select Create:

    设置Setting Value 详细信息Details
    名称Name [你的域名][your domain name] 你购买的域名。The domain name you bought. 本教程使用 contoso.net 作为示例。This tutorial uses contoso.net as an example.
    订阅Subscription [订阅][Your subscription] 选择要在其中创建区域的订阅。Select a subscription to create the zone in.
    资源组Resource group 新建: contosoRGCreate new: contosoRG 创建资源组。Create a resource group. 资源组名称必须在所选订阅中唯一。The resource group name must be unique within the subscription that you selected.
    资源组的位置对 DNS 区域没有影响。The location of the resource group has no impact on the DNS zone. DNS 区域位置始终是“全局”,并且不会显示。The DNS zone location is always "global," and isn't shown.
    位置Location 中国东部China East

检索名称服务器Retrieve name servers

在将 DNS 区域委托给 Azure DNS 之前,需要知道区域的名称服务器。Before you can delegate your DNS zone to Azure DNS, you need to know the name servers for your zone. 每次创建区域时,Azure DNS 都会分配某个池中的名称服务器。Azure DNS allocates name servers from a pool each time a zone is created.

  1. 创建 DNS 区域以后,在 Azure 门户的“收藏夹”窗格中选择“所有资源”。 With the DNS zone created, in the Azure portal Favorites pane, select All resources. 在“所有资源”页中,选择你的 DNS 区域。 On the All resources page, select your DNS zone. 如果所选订阅中已包含多个资源,则可在“按名称筛选”框中输入你的域名,轻松访问应用程序网关 。If the subscription that you selected already has several resources in it, you can enter your domain name in the Filter by name box to easily access the application gateway.

  2. 从“DNS 区域”页中检索名称服务器。Retrieve the name servers from the DNS zone page. 在本示例中,为区域 contoso.net 分配了名称服务器 ns1-01.azure-dns.cn、ns2-01.azure-dns.cn、ns3-01.azure-dns.cn 和 ns4-01.azure-dns.cn :In this example, the zone contoso.net has been assigned name servers ns1-01.azure-dns.cn, ns2-01.azure-dns.cn, ns3-01.azure-dns.cn, and ns4-01.azure-dns.cn:


Azure DNS 自动在你的区域中为所分配的名称服务器创建权威 NS 记录。Azure DNS automatically creates authoritative NS records in your zone for the assigned name servers.

委托域Delegate the domain

创建 DNS 区域且有了名称服务器以后,需使用 Azure DNS 名称服务器更新父域。Now that the DNS zone is created and you have the name servers, you need to update the parent domain with the Azure DNS name servers. 每个注册机构都有自身的 DNS 管理工具,可以更改域的名称服务器记录。Each registrar has its own DNS management tools to change the name server records for a domain.

  1. 在注册机构的 DNS 管理页中,编辑 NS 记录并将 NS 记录替换为 Azure DNS 名称服务器。In the registrar's DNS management page, edit the NS records and replace the NS records with the Azure DNS name servers.

  2. 将域委托给 Azure DNS 时,必须使用 Azure DNS 提供的名称服务器。When you delegate a domain to Azure DNS, you must use the name servers that Azure DNS provides. 使用所有 4 个名称服务器,不管域名是什么。Use all four name servers, regardless of the name of your domain. 域委托不需要名称服务器即可使用相同的顶级域作为域。Domain delegation doesn't require a name server to use the same top-level domain as your domain.


复制每个名称服务器地址时,请确保复制地址末尾的尾随句点。When you copy each name server address, make sure you copy the trailing period at the end of the address. 尾随句点表示完全限定域名的结束。The trailing period indicates the end of a fully qualified domain name. 如果 NS 名称末尾没有句点,一些注册机构会追加句点。Some registrars append the period if the NS name doesn't have it at the end. 若要符合 DNS RFC,请包括尾随句点。To be compliant with the DNS RFC, include the trailing period.

Azure DNS 目前不支持使用你自己区域中的名称服务器的委托(有时称为“虚构名称服务器”) 。Delegations that use name servers in your own zone, sometimes called vanity name servers, aren't currently supported in Azure DNS.

验证委托Verify the delegation

完成委托后,可以使用 nslookup 等工具来查询区域的授权起始点 (SOA) 记录,验证名称解析是否正常工作 。After you complete the delegation, you can verify that it's working by using a tool such as nslookup to query the Start of Authority (SOA) record for your zone. SOA 记录是在创建区域时自动创建的。The SOA record is automatically created when the zone is created. 在完成委托后,你可能需要等待 10 分钟或更长时间,然后才能成功验证它是否正常工作。You might need to wait 10 minutes or more after you complete the delegation, before you can successfully verify that it's working. 更改可能需要花费一段时间才能通过 DNS 系统进行传播。It can take a while for changes to propagate through the DNS system.

无需指定 Azure DNS 名称服务器。You don't have to specify the Azure DNS name servers. 如果正确设置了委托,正常的 DNS 解析过程会自动找到名称服务器。If the delegation is set up correctly, the normal DNS resolution process finds the name servers automatically.

  1. 从命令提示符下,输入类似于以下示例的 nslookup 命令:From a command prompt, enter an nslookup command similar to the following example:

    nslookup -type=SOA contoso.net
  2. 验证响应是否类似于以下 nslookup 输出:Verify that your response looks similar to the following nslookup output:

    Server: ns1-04.azure-dns.cn
    primary name server = ns1-04.azure-dns.cn
    responsible mail addr = msnhst.microsoft.com
    serial = 1
    refresh = 900 (15 mins)
    retry = 300 (5 mins)
    expire = 604800 (7 days)
    default TTL = 300 (5 mins)

清理资源Clean up resources

如果打算继续执行下一教程,可以保留 contosoRG 资源组。You can keep the contosoRG resource group if you intend to do the next tutorial. 否则,请删除 contosoRG 资源组以删除在本教程中创建的资源。Otherwise, delete the contosoRG resource group to delete the resources created in this tutorial.

  • 选择“contosoRG”资源组,然后选择“删除资源组” 。Select the contosoRG resource group, and then select Delete resource group.

