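Quickstart: Create an Azure DNS Private Resolver using an ARM template

This quickstart describes how to use an Azure Resource Manager template (ARM template) to create an Azure DNS Private Resolver.

An Azure Resource Manager template is a JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for your project. The template uses declarative syntax. You describe the intended deployment without writing the sequence of programming commands to create it.

The following figure summarizes the general setup used. The subnet address ranges used in the template are slightly different from those shown in the figure.

[Figure: conceptual diagram showing the components of the private resolver.]

If your environment meets the prerequisites and you're familiar with using ARM templates, select the "Deploy to Azure" button. The template opens in the Azure portal.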


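Prerequisites

If you don't have an Azure subscription, create a trial account before you begin.

Review the template

The template used in this quickstart is from Azure Quickstart Templates.

This template is configured to create:

  • A virtual network
  • A DNS resolver
  • Inbound and outbound endpoints
  • Forwarding rules and rulesets.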
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "metadata": {
    "_generator": {
      "name": "bicep",
      "version": "0.17.1.54307",
      "templateHash": "4642931119059320905"
    }
  },
  "parameters": {
    "resolverVNETName": {
      "type": "string",
      "defaultValue": "dnsresolverVNET",
      "metadata": {
        "description": "name of the new virtual network where DNS resolver will be created"
      }
    },
    "resolverVNETAddressSpace": {
      "type": "string",
      "defaultValue": "10.7.0.0/24",
      "metadata": {
        "description": "the IP address space for the resolver virtual network"
      }
    },
    "dnsResolverName": {
      "type": "string",
      "defaultValue": "dnsResolver",
      "metadata": {
        "description": "name of the dns private resolver"
      }
    },
    "location": {
      "type": "string",
      "allowedValues": [
        "chinanorth3"
      ],
      "metadata": {
        "description": "the location for resolver VNET and dns private resolver - Azure DNS Private Resolver available in specific region, refer the documenation to select the supported region for this deployment. For more information https://docs.azure.cn/dns/dns-private-resolver-overview#regional-availability"
      }
    },
    "inboundSubnet": {
      "type": "string",
      "defaultValue": "snet-inbound",
      "metadata": {
        "description": "name of the subnet that will be used for private resolver inbound endpoint"
      }
    },
    "inboundAddressPrefix": {
      "type": "string",
      "defaultValue": "10.7.0.0/28",
      "metadata": {
        "description": "the inbound endpoint subnet address space"
      }
    },
    "outboundSubnet": {
      "type": "string",
      "defaultValue": "snet-outbound",
      "metadata": {
        "description": "name of the subnet that will be used for private resolver outbound endpoint"
      }
    },
    "outboundAddressPrefix": {
      "type": "string",
      "defaultValue": "10.7.0.16/28",
      "metadata": {
        "description": "the outbound endpoint subnet address space"
      }
    },
    "resolvervnetlink": {
      "type": "string",
      "defaultValue": "vnetlink",
      "metadata": {
        "description": "name of the vnet link that links outbound endpoint with forwarding rule set"
      }
    },
    "forwardingRulesetName": {
      "type": "string",
      "defaultValue": "forwardingRule",
      "metadata": {
        "description": "name of the forwarding ruleset"
      }
    },
    "forwardingRuleName": {
      "type": "string",
      "defaultValue": "contosocom",
      "metadata": {
        "description": "name of the forwarding rule name"
      }
    },
    "DomainName": {
      "type": "string",
      "defaultValue": "contoso.com.",
      "metadata": {
        "description": "the target domain name for the forwarding ruleset"
      }
    },
    "targetDNS": {
      "type": "array",
      "defaultValue": [
        {
          "ipaddress": "10.0.0.4",
          "port": 53
        },
        {
          "ipaddress": "10.0.0.5",
          "port": 53
        }
      ],
      "metadata": {
        "description": "the list of target DNS servers ip address and the port number for conditional forwarding"
      }
    }
  },
  "resources": [
    {
      "type": "Microsoft.Network/dnsResolvers",
      "apiVersion": "2022-07-01",
      "name": "[parameters('dnsResolverName')]",
      "location": "[parameters('location')]",
      "properties": {
        "virtualNetwork": {
          "id": "[resourceId('Microsoft.Network/virtualNetworks', parameters('resolverVNETName'))]"
        }
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/virtualNetworks', parameters('resolverVNETName'))]"
      ]
    },
    {
      "type": "Microsoft.Network/dnsResolvers/inboundEndpoints",
      "apiVersion": "2022-07-01",
      "name": "[format('{0}/{1}', parameters('dnsResolverName'), parameters('inboundSubnet'))]",
      "location": "[parameters('location')]",
      "properties": {
        "ipConfigurations": [
          {
            "privateIpAllocationMethod": "Dynamic",
            "subnet": {
              "id": "[format('{0}/subnets/{1}', resourceId('Microsoft.Network/virtualNetworks', parameters('resolverVNETName')), parameters('inboundSubnet'))]"
            }
          }
        ]
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/dnsResolvers', parameters('dnsResolverName'))]",
        "[resourceId('Microsoft.Network/virtualNetworks', parameters('resolverVNETName'))]"
      ]
    },
    {
      "type": "Microsoft.Network/dnsResolvers/outboundEndpoints",
      "apiVersion": "2022-07-01",
      "name": "[format('{0}/{1}', parameters('dnsResolverName'), parameters('outboundSubnet'))]",
      "location": "[parameters('location')]",
      "properties": {
        "subnet": {
          "id": "[format('{0}/subnets/{1}', resourceId('Microsoft.Network/virtualNetworks', parameters('resolverVNETName')), parameters('outboundSubnet'))]"
        }
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/dnsResolvers', parameters('dnsResolverName'))]",
        "[resourceId('Microsoft.Network/virtualNetworks', parameters('resolverVNETName'))]"
      ]
    },
    {
      "type": "Microsoft.Network/dnsForwardingRulesets",
      "apiVersion": "2022-07-01",
      "name": "[parameters('forwardingRulesetName')]",
      "location": "[parameters('location')]",
      "properties": {
        "dnsResolverOutboundEndpoints": [
          {
            "id": "[resourceId('Microsoft.Network/dnsResolvers/outboundEndpoints', parameters('dnsResolverName'), parameters('outboundSubnet'))]"
          }
        ]
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/dnsResolvers/outboundEndpoints', parameters('dnsResolverName'), parameters('outboundSubnet'))]"
      ]
    },
    {
      "type": "Microsoft.Network/dnsForwardingRulesets/virtualNetworkLinks",
      "apiVersion": "2022-07-01",
      "name": "[format('{0}/{1}', parameters('forwardingRulesetName'), parameters('resolvervnetlink'))]",
      "properties": {
        "virtualNetwork": {
          "id": "[resourceId('Microsoft.Network/virtualNetworks', parameters('resolverVNETName'))]"
        }
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/dnsForwardingRulesets', parameters('forwardingRulesetName'))]",
        "[resourceId('Microsoft.Network/virtualNetworks', parameters('resolverVNETName'))]"
      ]
    },
    {
      "type": "Microsoft.Network/dnsForwardingRulesets/forwardingRules",
      "apiVersion": "2022-07-01",
      "name": "[format('{0}/{1}', parameters('forwardingRulesetName'), parameters('forwardingRuleName'))]",
      "properties": {
        "domainName": "[parameters('DomainName')]",
        "targetDnsServers": "[parameters('targetDNS')]"
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/dnsForwardingRulesets', parameters('forwardingRulesetName'))]"
      ]
    },
    {
      "type": "Microsoft.Network/virtualNetworks",
      "apiVersion": "2022-01-01",
      "name": "[parameters('resolverVNETName')]",
      "location": "[parameters('location')]",
      "properties": {
        "addressSpace": {
          "addressPrefixes": [
            "[parameters('resolverVNETAddressSpace')]"
          ]
        },
        "enableDdosProtection": false,
        "enableVmProtection": false,
        "subnets": [
          {
            "name": "[parameters('inboundSubnet')]",
            "properties": {
              "addressPrefix": "[parameters('inboundAddressPrefix')]",
              "delegations": [
                {
                  "name": "Microsoft.Network.dnsResolvers",
                  "properties": {
                    "serviceName": "Microsoft.Network/dnsResolvers"
                  }
                }
              ]
            }
          },
          {
            "name": "[parameters('outboundSubnet')]",
            "properties": {
              "addressPrefix": "[parameters('outboundAddressPrefix')]",
              "delegations": [
                {
                  "name": "Microsoft.Network.dnsResolvers",
                  "properties": {
                    "serviceName": "Microsoft.Network/dnsResolvers"
                  }
                }
              ]
            }
          }
        ]
      }
    }
  ]
}

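Seven resources are defined in this template:

  • Microsoft.Network/virtualNetworks
  • Microsoft.Network/dnsResolvers
  • Microsoft.Network/dnsResolvers/inboundEndpoints
  • Microsoft.Network/dnsResolvers/outboundEndpoints
  • Microsoft.Network/dnsForwardingRulesets
  • Microsoft.Network/dnsForwardingRulesets/forwardingRules
  • Microsoft.Network/dnsForwardingRulesets/virtualNetworkLinks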
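Before deploying with overridden parameters, the address and forwarding values can be checked offline. The following is an added example, not part of the original quickstart or the quickstart template: `check_resolver_params` is a hypothetical helper, the /28 to /24 subnet size limit is stated as an assumption about the service, and the private-address and port-53 checks are a local policy choice rather than an Azure requirement.

```python
import ipaddress

# Parameter defaults copied from the template on this page.
DEFAULTS = {
    "resolverVNETAddressSpace": "10.7.0.0/24",
    "inboundAddressPrefix": "10.7.0.0/28",
    "outboundAddressPrefix": "10.7.0.16/28",
    "DomainName": "contoso.com.",
    "targetDNS": [{"ipaddress": "10.0.0.4", "port": 53},
                  {"ipaddress": "10.0.0.5", "port": 53}],
}

def check_resolver_params(p):
    """Return a list of findings; an empty list means the values pass."""
    findings = []
    vnet = ipaddress.ip_network(p["resolverVNETAddressSpace"], strict=True)
    subnets = {}
    for key in ("inboundAddressPrefix", "outboundAddressPrefix"):
        try:
            net = ipaddress.ip_network(p[key], strict=True)
        except ValueError as exc:  # e.g. host bits set in the prefix
            findings.append(f"{key}: invalid CIDR ({exc})")
            continue
        subnets[key] = net
        if not net.subnet_of(vnet):
            findings.append(f"{key}: {net} is outside VNet {vnet}")
        # Assumption: endpoint subnets must be between /28 and /24 in size.
        if not 24 <= net.prefixlen <= 28:
            findings.append(f"{key}: /{net.prefixlen} is not between /24 and /28")
    if len(subnets) == 2:
        a, b = subnets.values()
        # Inbound and outbound endpoints each need their own subnet.
        if a.overlaps(b):
            findings.append(f"endpoint subnets overlap: {a} and {b}")
    # Forwarding rule domain names are fully qualified (trailing dot).
    if not p["DomainName"].endswith("."):
        findings.append("DomainName: missing trailing dot")
    for t in p["targetDNS"]:
        ip = ipaddress.ip_address(t["ipaddress"])
        # Local policy (assumption): internal zones forward only to private IPs.
        if not ip.is_private:
            findings.append(f"targetDNS: {ip} is not a private address")
        if t["port"] != 53:
            findings.append(f"targetDNS: {ip} uses non-standard port {t['port']}")
    return findings

if __name__ == "__main__":
    print(check_resolver_params(DEFAULTS) or "template defaults pass")
```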

Deploy the template

read -p "Enter the location: " location
resourceGroupName="exampleRG"
templateUri="https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/quickstarts/microsoft.network/azure-dns-private-resolver/azuredeploy.json"

# Create the resource group in the chosen region
az group create \
--name "$resourceGroupName" \
--location "$location"

# Deploy the quickstart template into the resource group
az deployment group create \
--resource-group "$resourceGroupName" \
--template-uri "$templateUri"

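Validate the deployment

  1. Sign in to the Azure portal.

  2. Select "Resource groups" from the left pane.

  3. Select the resource group that you created in the previous section.

  4. The resource group should contain the following resources:

    [Screenshot: DNS resolver resource group]

  5. Select the DNS private resolver service to verify the provisioning state and current state.

    [Screenshot: DNS resolver page]

  6. Select "Inbound endpoints" and "Outbound endpoints" to verify that the endpoints are created and that the outbound endpoint is associated with the forwarding ruleset.

    [Screenshot: DNS resolver inbound endpoint]

    [Screenshot: DNS resolver outbound endpoint]

  7. Select "Associated ruleset" from the outbound endpoint page to verify that the forwarding ruleset and rules are created.

    [Screenshot: DNS resolver forwarding rules]

  8. Verify that the resolver virtual network is linked with the forwarding ruleset.

    [Screenshot: DNS resolver VNet link]

Next steps

In this quickstart, you created a virtual network and a DNS private resolver. Now configure name resolution for Azure and on-premises domains.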