How to manage DNS Zones using PowerShell
This article shows you how to manage your DNS zones by using Azure PowerShell. You can also manage your DNS zones using the cross-platform Azure CLI or the Azure portal.
This guide specifically deals with Public DNS zones. For information on using Azure PowerShell to manage Private Zones in Azure DNS, see Get started with Azure DNS Private Zones using Azure PowerShell.
A DNS zone is used to host the DNS records for a particular domain. To start hosting your domain in Azure DNS, you need to create a DNS zone for that domain name. Each DNS record for your domain is then created inside this DNS zone.
For example, the domain 'contoso.com' may contain several DNS records, such as 'mail.contoso.com' (for a mail server) and 'www.contoso.com' (for a web site).
When creating a DNS zone in Azure DNS:
- The name of the zone must be unique within the resource group, and the zone must not exist already. Otherwise, the operation fails.
- The same zone name can be reused in a different resource group or a different Azure subscription.
- Where multiple zones share the same name, each instance is assigned different name server addresses. Only one set of addresses can be configured with the domain name registrar.
Note
You do not have to own a domain name to create a DNS zone with that domain name in Azure DNS. However, you do need to own the domain to configure the Azure DNS name servers as the correct name servers for the domain name with the domain name registrar.
For more information, see Delegate a domain to Azure DNS.
Set up Azure PowerShell for Azure DNS
Before you begin
Important
Using this Azure feature from PowerShell requires the AzureRM module installed. This is an older module only available for Windows PowerShell 5.1 that no longer receives new features.
The Az and AzureRM modules are not compatible when installed for the same versions of PowerShell.
If you need both versions:
- Uninstall the Az module from a PowerShell 5.1 session.
- Install the AzureRM module from a PowerShell 5.1 session.
- Download and install PowerShell Core 6.x or later.
- Install the Az module in a PowerShell Core session.
Verify that you have the following items before beginning your configuration.
- An Azure subscription. If you don't already have an Azure subscription, you can create a Trial Subscription account before you begin.
- You need to install the latest version of the Azure Resource Manager PowerShell cmdlets. For more information, see How to install and configure Azure PowerShell.
In addition, to use Private Zones (Public Preview), you need to ensure you have the below PowerShell modules and versions.
- AzureRM.Dns - version 4.1.0 or above
- AzureRM.Network - version 5.4.0 or above
Find-Module -Name AzureRM.Dns
Find-Module -Name AzureRM.Network
The output of the above commands needs to show AzureRM.Dns at version 4.1.0 or higher and AzureRM.Network at version 5.4.0 or higher.
In case your system has earlier versions, you can either install the latest version of Azure PowerShell, or download and install the above modules from the PowerShell Gallery, using the links above next to the Module versions. You can then install them using the below commands. Both the modules are required and are fully backwards compatible.
Install-Module -Name AzureRM.Dns -Force
Install-Module -Name AzureRM.Network -Force
Sign in to your Azure account
Open your PowerShell console and connect to your account. For more information, see Sign in with AzureRM.
Connect-AzureRmAccount -EnvironmentName AzureChinaCloud
Select the subscription
Check the subscriptions for the account.
Get-AzureRmSubscription
Choose which of your Azure subscriptions to use.
Select-AzureRmSubscription -SubscriptionName "your_subscription_name"
Create a resource group
Azure Resource Manager requires that all resource groups specify a location. This location is used as the default location for resources in that resource group. However, because all DNS resources are global, not regional, the choice of resource group location has no impact on Azure DNS.
You can skip this step if you are using an existing resource group.
New-AzureRmResourceGroup -Name MyAzureResourceGroup -location "China East"
Register resource provider
The Azure DNS service is managed by the Microsoft.Network resource provider. Your Azure subscription must be registered to use this resource provider before you can use Azure DNS. This is a one-time operation for each subscription.
Register-AzureRmResourceProvider -ProviderNamespace Microsoft.Network
Create a DNS zone
A DNS zone is created by using the New-AzureRmDnsZone cmdlet.
The following example creates a DNS zone called contoso.com in the resource group called MyResourceGroup:
New-AzureRmDnsZone -Name contoso.com -ResourceGroupName MyAzureResourceGroup
The following example shows how to create a DNS zone with two Azure Resource Manager tags, project = demo and env = test:
New-AzureRmDnsZone -Name contoso.com -ResourceGroupName MyAzureResourceGroup -Tag @{ project="demo"; env="test" }
Azure DNS also supports private DNS zones. To learn more about private DNS zones, see Using Azure DNS for private domains. For an example of how to create a private DNS zone, see Get started with Azure DNS private zones using PowerShell.
Get a DNS zone
To retrieve a DNS zone, use the Get-AzureRmDnsZone cmdlet. This operation returns a DNS zone object corresponding to an existing zone in Azure DNS. The object contains data about the zone (such as the number of record sets), but does not contain the record sets themselves (see Get-AzureRmDnsRecordSet).
Get-AzureRmDnsZone -Name contoso.com -ResourceGroupName MyAzureResourceGroup
Name : contoso.com
ResourceGroupName : myresourcegroup
Etag : 00000003-0000-0000-8ec2-f4879750d201
Tags : {project, env}
NameServers : {ns1-01.azure-dns.cn., ns2-01.azure-dns.cn., ns3-01.azure-dns.cn.,
ns4-01.azure-dns.cn.}
NumberOfRecordSets : 2
MaxNumberOfRecordSets : 5000
List DNS zones
By omitting the zone name from Get-AzureRmDnsZone, you can enumerate all zones in a resource group. This operation returns an array of zone objects.
$zoneList = Get-AzureRmDnsZone -ResourceGroupName MyAzureResourceGroup
By omitting both the zone name and the resource group name from Get-AzureRmDnsZone, you can enumerate all zones in the Azure subscription.
$zoneList = Get-AzureRmDnsZone
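Because the same zone name can exist in several resource groups with different name servers, and the registrar can delegate to only one set, a subscription-wide listing is a natural place to check for duplicates. The following is an added example, not part of the original article; the report column names are chosen here for illustration, and it assumes a signed-in AzureRM session.

```powershell
# Added example: inventory every public zone in the current subscription and
# flag zone names that exist in more than one resource group.
# Assumes the AzureRM.Dns module and an authenticated session.

$zones = @(Get-AzureRmDnsZone)

# DNS names are case-insensitive, so normalise before grouping.
$byName = $zones | Group-Object -Property { $_.Name.ToLowerInvariant() }

$report = foreach ($group in $byName) {
    foreach ($z in $group.Group) {
        # Re-read each zone by name so the properties match the single-zone
        # output shown earlier (NameServers, NumberOfRecordSets).
        $full = Get-AzureRmDnsZone -Name $z.Name -ResourceGroupName $z.ResourceGroupName
        [pscustomobject]@{
            Zone          = $full.Name
            ResourceGroup = $full.ResourceGroupName
            Duplicate     = ($group.Count -gt 1)
            RecordSets    = $full.NumberOfRecordSets
            NameServers   = ($full.NameServers -join ', ')
        }
    }
}

$report | Sort-Object Zone, ResourceGroup | Format-Table -AutoSize -Wrap

# Only one name-server set can be configured at the registrar, so every
# duplicate needs a decision about which instance is the delegated one.
$dupes = @($report | Where-Object { $_.Duplicate })
if ($dupes.Count -gt 0) {
    Write-Warning ("{0} zone instance(s) share a name with another zone; confirm which name-server set the registrar delegates to." -f $dupes.Count)
}
```

Compare the NameServers column for each duplicate against the NS records actually configured with the registrar; the instance whose servers do not match is not serving the domain.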
Update a DNS zone
Changes to a DNS zone resource can be made by using Set-AzureRmDnsZone. This cmdlet does not update any of the DNS record sets within the zone (see How to Manage DNS records). It's only used to update properties of the zone resource itself. The writable zone properties are currently limited to the Azure Resource Manager ‘tags’ for the zone resource.
Use one of the following two ways to update a DNS zone:
Specify the zone using the zone name and resource group
This approach replaces the existing zone tags with the values specified.
Set-AzureRmDnsZone -Name contoso.com -ResourceGroupName MyAzureResourceGroup -Tag @{ project="demo"; env="test" }
Specify the zone using a $zone object
This approach retrieves the existing zone object, modifies the tags, and then commits the changes. In this way, existing tags can be preserved.
# Get the zone object
$zone = Get-AzureRmDnsZone -Name contoso.com -ResourceGroupName MyAzureResourceGroup
# Remove an existing tag
$zone.Tags.Remove("project")
# Add a new tag
$zone.Tags.Add("status","approved")
# Commit changes
Set-AzureRmDnsZone -Zone $zone
When using Set-AzureRmDnsZone with a $zone object, Etag checks are used to ensure concurrent changes are not overwritten. You can use the optional -Overwrite switch to suppress these checks.
Delete a DNS Zone
DNS zones can be deleted using the Remove-AzureRmDnsZone cmdlet.
Note
Deleting a DNS zone also deletes all DNS records within the zone. This operation cannot be undone. If the DNS zone is in use, services using the zone will fail when the zone is deleted.
To protect against accidental zone deletion, see How to protect DNS zones and records.
Use one of the following two ways to delete a DNS zone:
Specify the zone using the zone name and resource group name
Remove-AzureRmDnsZone -Name contoso.com -ResourceGroupName MyAzureResourceGroup
Specify the zone using a $zone object
You can specify the zone to be deleted using a $zone object returned by Get-AzureRmDnsZone.
$zone = Get-AzureRmDnsZone -Name contoso.com -ResourceGroupName MyAzureResourceGroup
Remove-AzureRmDnsZone -Zone $zone
The zone object can also be piped instead of being passed as a parameter:
Get-AzureRmDnsZone -Name contoso.com -ResourceGroupName MyAzureResourceGroup | Remove-AzureRmDnsZone
As with Set-AzureRmDnsZone, specifying the zone using a $zone object enables Etag checks to ensure concurrent changes are not deleted. Use the -Overwrite switch to suppress these checks.
Confirmation prompts
The New-AzureRmDnsZone, Set-AzureRmDnsZone, and Remove-AzureRmDnsZone cmdlets all support confirmation prompts.
Both New-AzureRmDnsZone and Set-AzureRmDnsZone prompt for confirmation if the $ConfirmPreference PowerShell preference variable has a value of Medium or lower. Due to the potentially high impact of deleting a DNS zone, the Remove-AzureRmDnsZone cmdlet prompts for confirmation if the $ConfirmPreference PowerShell variable has any value other than None.
Since the default value for $ConfirmPreference is High, only Remove-AzureRmDnsZone prompts for confirmation by default.
You can override the current $ConfirmPreference setting using the -Confirm parameter. If you specify -Confirm or -Confirm:$True, the cmdlet prompts you for confirmation before it runs. If you specify -Confirm:$False, the cmdlet does not prompt you for confirmation.
For more information about -Confirm and $ConfirmPreference, see About Preference Variables.
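The delete and confirmation behaviour described above can be combined into one guarded deletion routine. The following is an added example, not part of the original article: Remove-DnsZoneGuarded and its MaxRecordSets parameter are hypothetical names, and the threshold of 2 assumes a zone holding only its default records reports two record sets, as in the Get-AzureRmDnsZone output shown earlier.

```powershell
# Added example (hypothetical helper, not part of AzureRM.Dns).
function Remove-DnsZoneGuarded {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        # Assumption: a zone with only its default records reports 2 record sets.
        [int] $MaxRecordSets = 2
    )

    # Read the zone first; the returned object carries the Etag.
    $zone = Get-AzureRmDnsZone -Name $Name -ResourceGroupName $ResourceGroupName -ErrorAction Stop

    # Deleting a zone deletes every record in it and cannot be undone,
    # so refuse when the zone still holds records beyond the threshold.
    if ($zone.NumberOfRecordSets -gt $MaxRecordSets) {
        throw "Zone '$Name' holds $($zone.NumberOfRecordSets) record sets (limit $MaxRecordSets); refusing to delete."
    }

    # Dry run: -WhatIf reports the operation without performing it.
    Remove-AzureRmDnsZone -Zone $zone -WhatIf

    # Pass the object rather than -Name so the Etag check applies, omit
    # -Overwrite so a concurrent change makes the delete fail, and force
    # the prompt even if the caller set $ConfirmPreference to 'None'.
    Remove-AzureRmDnsZone -Zone $zone -Confirm:$true
}

Remove-DnsZoneGuarded -Name contoso.com -ResourceGroupName MyAzureResourceGroup
```

In unattended automation the explicit -Confirm:$true makes the call stop rather than delete silently, which is the intended failure mode for an irreversible operation.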
Next steps
Learn how to manage record sets and records in your DNS zone.
Learn how to delegate your domain to Azure DNS.
Review the Azure DNS PowerShell reference documentation.