Quickstart: Create an Azure private DNS zone using the Azure portal

This quickstart walks you through the steps to create your first private DNS zone and record using the Azure portal.

A DNS zone is used to host the DNS records for a particular domain. To start hosting your domain in Azure DNS, you need to create a DNS zone for that domain name. Each DNS record for your domain is then created inside this DNS zone. To publish a private DNS zone to your virtual network, you specify the list of virtual networks that are allowed to resolve records within the zone. These are called linked virtual networks. When autoregistration is enabled, Azure DNS also updates the zone records whenever a virtual machine is created, changes its IP address, or is deleted.

Prerequisites

If you don't have an Azure subscription, create a 1rmb trial account before you begin.

If you prefer, you can complete this quickstart using Azure PowerShell or Azure CLI.

Create a private DNS zone

The following example creates a DNS zone called private.contoso.com in a resource group called MyAzureResourceGroup.

A DNS zone contains the DNS entries for a domain. To start hosting your domain in Azure DNS, you create a DNS zone for that domain name.

  1. On the portal search bar, type private dns zones in the search text box and press Enter.

  2. Select Private DNS zone.

  3. Select Create private dns zone.

  4. On the Create Private DNS zone page, type or select the following values:

    • Resource group: Select Create new, enter MyAzureResourceGroup, and select OK. The resource group name must be unique within the Azure subscription.
    • Name: Type private.contoso.com for this example.

  5. For Resource group location, select China East 2.

  6. Select Review + Create.

  7. Select Create.

It may take a few minutes to create the zone.

Virtual network and parameters

In this section you'll need to replace the following parameters in the steps with the information below:

Parameter                  Value
<resource-group-name>      MyAzureResourceGroup (Select existing resource group)
<virtual-network-name>     MyAzureVNet
<region-name>              China East 2
<IPv4-address-space>       10.2.0.0/16
<subnet-name>              MyAzureSubnet
<subnet-address-range>     10.2.0.0/24

Create the virtual network

In this section, you'll create a virtual network and subnet.

  1. On the upper-left side of the screen, select Create a resource > Networking > Virtual network or search for Virtual network in the search box.

  2. In Create virtual network, enter or select this information in the Basics tab:

    Setting             Value
    Project Details
    Subscription        Select your Azure subscription
    Resource Group      Select Create new, enter <resource-group-name>, then select OK, or select an existing <resource-group-name> based on parameters.
    Instance details
    Name                Enter <virtual-network-name>
    Region              Select <region-name>

  3. Select the IP Addresses tab or select the Next: IP Addresses button at the bottom of the page.

  4. In the IP Addresses tab, enter this information:

    Setting               Value
    IPv4 address space    Enter <IPv4-address-space>

  5. Under Subnet name, select the word default.

  6. In Edit subnet, enter this information:

    Setting                 Value
    Subnet name             Enter <subnet-name>
    Subnet address range    Enter <subnet-address-range>

  7. Select Save.

  8. Select the Review + create tab or select the Review + create button.

  9. Select Create.

To link the private DNS zone to a virtual network, you create a virtual network link.

  1. Open the MyAzureResourceGroup resource group and select the private.contoso.com private zone.
  2. On the left pane, select Virtual network links.
  3. Select Add.
  4. Type myLink for the Link name.
  5. For Virtual network, select myAzureVNet.
  6. Select the Enable auto registration check box.
  7. Select OK.

Create the test virtual machines

Now, create two virtual machines so you can test your private DNS zone:

  1. On the portal page upper left, select Create a resource, and then select Windows Server 2016 Datacenter.
  2. Select MyAzureResourceGroup for the resource group.
  3. Type myVM01 for the name of the virtual machine.
  4. Select China East 2 for the Region.
  5. Enter a name for the administrator user name.
  6. Enter a password and confirm the password.
  7. For Public inbound ports, select Allow selected ports, and then select RDP (3389) for Select inbound ports.
  8. Accept the other defaults for the page and then click Next: Disks >.
  9. Accept the defaults on the Disks page, then click Next: Networking >.
  10. Make sure that myAzureVNet is selected for the virtual network.
  11. Accept the other defaults for the page, and then click Next: Management >.
  12. For Boot diagnostics, select Off, accept the other defaults, and then select Review + create.
  13. Review the settings and then click Create.

Repeat these steps and create another virtual machine named myVM02.

It will take a few minutes for both virtual machines to complete.

Create an additional DNS record

The following example creates a record with the relative name db in the DNS Zone private.contoso.com, in resource group MyAzureResourceGroup. The fully qualified name of the record set is db.private.contoso.com. The record type is "A", with the IP address of myVM01.

  1. Open the MyAzureResourceGroup resource group and select the private.contoso.com private zone.
  2. Select + Record set.
  3. For Name, type db.
  4. For IP Address, type the IP address you see for myVM01. This address should have been auto-registered when the virtual machine started.
  5. Select OK.
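
To review what the portal steps produced, the following added example (not part of the original quickstart) uses the Az.PrivateDns module to list which virtual networks are linked to the zone and whether autoregistration is on, then separates autoregistered A records from manually created ones such as db. It assumes the Az PowerShell module is installed and that you are already signed in.

```powershell
# Added example (not from the original quickstart).
# Assumes the Az module is installed and you are signed in, for example with
# Connect-AzAccount -Environment AzureChinaCloud for the China regions.
$rg   = 'MyAzureResourceGroup'
$zone = 'private.contoso.com'

# 1. Which virtual networks can resolve this zone, and which ones register VMs?
Get-AzPrivateDnsVirtualNetworkLink -ResourceGroupName $rg -ZoneName $zone |
    Select-Object Name,
        @{ n = 'VirtualNetwork'; e = { ($_.VirtualNetworkId -split '/')[-1] } },
        RegistrationEnabled, VirtualNetworkLinkState |
    Format-Table -AutoSize

# 2. A records in the zone, split by how they got there.
$aRecords = Get-AzPrivateDnsRecordSet -ResourceGroupName $rg -ZoneName $zone -RecordType A |
    Select-Object Name, Ttl, IsAutoRegistered,
        @{ n = 'Addresses'; e = { $_.Records.Ipv4Address -join ', ' } }

$aRecords | Sort-Object IsAutoRegistered, Name | Format-Table -AutoSize

# 3. Manually created records are not updated when a VM's IP changes or the VM
#    is deleted, so flag any whose address no autoregistered record holds.
$live = ($aRecords | Where-Object IsAutoRegistered).Addresses
$aRecords |
    Where-Object { -not $_.IsAutoRegistered -and $_.Addresses -notin $live } |
    ForEach-Object {
        Write-Warning "$($_.Name).$zone -> $($_.Addresses) matches no autoregistered VM"
    }
```

Right after the quickstart, db should point at the same address as the autoregistered myVM01 record, so step 3 prints no warning.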

Test the private zone

Now you can test the name resolution for your private.contoso.com private zone.

Configure VMs to allow inbound ICMP

You can use the ping command to test name resolution. So, configure the firewall on both virtual machines to allow inbound ICMP packets.

  1. Connect to myVM01, and open a Windows PowerShell window with administrator privileges.

  2. Run the following command:

    New-NetFirewallRule -DisplayName "Allow ICMPv4-In" -Protocol ICMPv4

Repeat for myVM02.
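
A narrower variant of the rule above, as an added example that is not part of the original quickstart: it admits only ICMPv4 echo requests from the quickstart's virtual network address space (10.2.0.0/16), then shows what the rule permits and how to remove it after testing. The display name is an assumption chosen for this example.

```powershell
# Added example (not from the original quickstart). Run in an elevated
# Windows PowerShell window on myVM01 and on myVM02.
# Assumption: $ruleName is a label chosen for this example.
$ruleName  = 'Allow ICMPv4-In (VNet only)'
$vnetRange = '10.2.0.0/16'   # <IPv4-address-space> from the parameter table

# Allow only echo requests (ICMP type 8), and only from the virtual network.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName `
        -Direction Inbound -Action Allow `
        -Protocol ICMPv4 -IcmpType 8 `
        -RemoteAddress $vnetRange | Out-Null
}

# Confirm what the rule actually admits.
$rule       = Get-NetFirewallRule -DisplayName $ruleName
$portFilter = $rule | Get-NetFirewallPortFilter
$addrFilter = $rule | Get-NetFirewallAddressFilter
[pscustomobject]@{
    Rule          = $rule.DisplayName
    Enabled       = $rule.Enabled
    Direction     = $rule.Direction
    Action        = $rule.Action
    Protocol      = $portFilter.Protocol
    IcmpType      = $portFilter.IcmpType
    RemoteAddress = $addrFilter.RemoteAddress
}

# After the name-resolution test, remove the rule again:
# Remove-NetFirewallRule -DisplayName $ruleName
```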

Ping the VMs by name

  1. From the myVM02 Windows PowerShell command prompt, ping myVM01 using the automatically registered host name:
    ping myVM01.private.contoso.com
    
    You should see output that looks similar to this:
    PS C:\> ping myvm01.private.contoso.com
    
    Pinging myvm01.private.contoso.com [10.2.0.4] with 32 bytes of data:
    Reply from 10.2.0.4: bytes=32 time<1ms TTL=128
    Reply from 10.2.0.4: bytes=32 time=1ms TTL=128
    Reply from 10.2.0.4: bytes=32 time<1ms TTL=128
    Reply from 10.2.0.4: bytes=32 time<1ms TTL=128
    
    Ping statistics for 10.2.0.4:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 0ms, Maximum = 1ms, Average = 0ms
    PS C:\>
    
  2. Now ping the db name you created previously:
    ping db.private.contoso.com
    
    You should see output that looks similar to this:
    PS C:\> ping db.private.contoso.com
    
    Pinging db.private.contoso.com [10.2.0.4] with 32 bytes of data:
    Reply from 10.2.0.4: bytes=32 time<1ms TTL=128
    Reply from 10.2.0.4: bytes=32 time<1ms TTL=128
    Reply from 10.2.0.4: bytes=32 time<1ms TTL=128
    Reply from 10.2.0.4: bytes=32 time<1ms TTL=128
    
    Ping statistics for 10.2.0.4:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 0ms, Maximum = 0ms, Average = 0ms
    PS C:\>
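
Name resolution can also be checked without ICMP. The following added example (not part of the original quickstart) resolves both names with Resolve-DnsName from myVM02 and reports whether each A record falls inside the quickstart's subnet, 10.2.0.0/24. The two helper functions are written for this example and are not built-in cmdlets.

```powershell
# Added example (not from the original quickstart). Run on myVM02.
# ConvertTo-IPv4Int64 and Test-InCidr are helpers defined here for illustration.
function ConvertTo-IPv4Int64 {
    param([string]$Address)
    $n = [int64]0
    foreach ($b in [System.Net.IPAddress]::Parse($Address).GetAddressBytes()) {
        $n = $n * 256 + $b          # fold the four octets, most significant first
    }
    $n
}

function Test-InCidr {
    param([string]$Address, [string]$Cidr)
    $network, $prefix = $Cidr -split '/'
    # Netmask as a 64-bit integer: 2^32 minus the number of host addresses.
    $mask = [int64]4294967296 - [int64][math]::Pow(2, 32 - [int]$prefix)
    ((ConvertTo-IPv4Int64 $Address) -band $mask) -eq
        ((ConvertTo-IPv4Int64 $network) -band $mask)
}

$subnet = '10.2.0.0/24'   # <subnet-address-range> from the parameter table
$names  = 'myVM01.private.contoso.com', 'db.private.contoso.com'

foreach ($name in $names) {
    try {
        # -DnsOnly skips LLMNR and NetBIOS so only the DNS answer is tested.
        $answers = Resolve-DnsName -Name $name -Type A -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'A' }
    } catch {
        Write-Warning "$name did not resolve: $($_.Exception.Message)"
        continue
    }
    foreach ($a in $answers) {
        [pscustomobject]@{
            Name     = $a.Name
            Address  = $a.IPAddress
            TTL      = $a.TTL
            InSubnet = Test-InCidr -Address $a.IPAddress -Cidr $subnet
        }
    }
}
```

With the sample output above, both names return 10.2.0.4 and InSubnet is True; a False value points to a stale or mistyped record.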
    

Clean up resources

When no longer needed, delete the MyAzureResourceGroup resource group to delete the resources created in this quickstart.

Next steps