什么是 Azure DNS?What is Azure DNS?

Azure DNS 是 DNS 域的托管服务,它使用 Azure 基础结构提供名称解析。Azure DNS is a hosting service for DNS domains that provides name resolution by using Azure infrastructure. 通过在 Azure 中托管域,可以使用与其他 Azure 服务相同的凭据、API、工具和计费来管理 DNS 记录。By hosting your domains in Azure, you can manage your DNS records by using the same credentials, APIs, tools, and billing as your other Azure services.

不能使用 Azure DNS 来购买域名。You can't use Azure DNS to buy a domain name. 可以通过第三方域名注册机构购买域名,但需支付年费。For an annual fee, you can buy a domain name using a third-party domain name registrar. 然后,可以将域托管在 Azure DNS 中来管理记录。Your domains then can be hosted in Azure DNS for record management. 有关详细信息,请参阅 向 Azure DNS 委派域For more information, see Delegate a domain to Azure DNS.

Azure DNS 附带了以下功能。The following features are included with Azure DNS.

可靠性和性能Reliability and performance

Azure DNS 中的 DNS 域托管在 DNS 名称服务器的 Azure 全球网络上。DNS domains in Azure DNS are hosted on Azure's global network of DNS name servers. Azure DNS 使用任意广播网络。Azure DNS uses anycast networking. 每个 DNS 查询由最近的可用 DNS 服务器来应答,为你的域提供快速性能和高可用性。Each DNS query is answered by the closest available DNS server to provide fast performance and high availability for your domain.

安全性Security

Azure DNS 基于 Azure 资源管理器,后者提供以下功能:Azure DNS is based on Azure Resource Manager, which provides features such as:

  • 基于角色的访问控制:控制谁有权访问针对组织的特定操作。Role-based access control to control who has access to specific actions for your organization.

  • 活动日志:监视你的组织中的用户对资源进行了怎样的修改,或者在进行故障排除时查找错误。Activity logs to monitor how a user in your organization modified a resource or to find an error when troubleshooting.

  • 资源锁定:锁定订阅、资源组或资源。Resource locking to lock a subscription, resource group, or resource. 锁定可以防止组织中的其他用户意外删除或修改重要资源。Locking prevents other users in your organization from accidentally deleting or modifying critical resources.

有关详细信息,请参阅如何保护 DNS 区域和记录For more information, see How to protect DNS zones and records.

DNSSECDNSSEC

Azure DNS 当前不支持 DNSSEC。Azure DNS does not currently support DNSSEC. 在大多数情况下,可以通过在应用程序中始终使用 HTTPS/TLS 来减少对 DNSSEC 的需求。In most cases, you can reduce the need for DNSSEC by consistently using HTTPS/TLS in your applications. 如果 DNSSEC 是 DNS 区域的关键要求,则可以使用第三方 DNS 托管提供者托管这些区域。If DNSSEC is a critical requirement for your DNS zones, you can host these zones with third party DNS hosting providers.

易于使用Ease of use

Azure DNS 可以管理 Azure 服务的 DNS 记录,还可以为外部资源提供 DNS。Azure DNS can manage DNS records for your Azure services and provide DNS for your external resources as well. Azure DNS 在 Azure 门户中集成,与其他 Azure 服务使用相同的凭据、支持合同和计费。Azure DNS is integrated in the Azure portal and uses the same credentials, support contract, and billing as your other Azure services.

DNS 基于在 Azure 中托管的 DNS 区域数和接收的 DNS 查询数进行计费。DNS billing is based on the number of DNS zones hosted in Azure and on the number of DNS queries received. 若要深入了解定价,请参阅 Azure DNS 定价To learn more about pricing, see Azure DNS pricing.

可以通过 Azure 门户、Azure PowerShell cmdlet 和跨平台 Azure CLI 对域和记录进行管理。Your domains and records can be managed by using the Azure portal, Azure PowerShell cmdlets, and the cross-platform Azure CLI. 需要自动 DNS 管理的应用程序可通过 REST API 和 SDK 与服务进行集成。Applications that require automated DNS management can integrate with the service by using the REST API and SDKs.

可自定义的包含专用域的虚拟网络Customizable virtual networks with private domains

Azure DNS 还支持 DNS 专用域。Azure DNS also supports private DNS domains. 此功能允许在专用虚拟网络中使用自定义域名而不使用当前可用的由 Azure 提供的名称。This feature allows you to use your own custom domain names in your private virtual networks rather than the Azure-provided names available today.

有关详细信息,请参阅在专用域中使用 Azure DNSFor more information, see Use Azure DNS for private domains.

后续步骤Next steps