What is Azure Private DNS?

The Domain Name System (DNS) is responsible for translating (resolving) a service name to its IP address. Azure DNS is a hosting service for DNS domains that provides name resolution using the Azure infrastructure. In addition to supporting internet-facing DNS domains, Azure DNS also supports private DNS zones.

Azure Private DNS provides a reliable, secure DNS service to manage and resolve domain names in a virtual network without the need to add a custom DNS solution. By using private DNS zones, you can use your own custom domain names rather than the Azure-provided names available today. Using custom domain names helps you tailor your virtual network architecture to best suit your organization's needs. It provides name resolution for virtual machines (VMs) within a virtual network and between virtual networks. Additionally, you can configure zone names with a split-horizon view, which allows a private and a public DNS zone to share the same name.

To resolve the records of a private DNS zone from your virtual network, you must link the virtual network to the zone. Linked virtual networks have full access and can resolve all DNS records published in the private zone; a link is the unit of access, so treat it as granting every workload in that virtual network visibility of the whole zone, with no per-record control. Additionally, you can enable autoregistration on a virtual network link. If you enable autoregistration on a virtual network link, the DNS records for the virtual machines in that virtual network are registered in the private zone. When autoregistration is enabled, Azure DNS also updates the zone records whenever a virtual machine is created, changes its IP address, or is deleted.
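The linking workflow described above, as an added Azure PowerShell (Az.PrivateDns) example that is not code from the original page. It creates a private zone, links one virtual network with autoregistration and a second for resolution only, adds a manually managed record, and lists what ended up in the zone. The resource group, virtual network names, zone name and IP address are assumptions for illustration and must exist in your subscription.

```powershell
# Added example, not from the Azure docs page. Requires Az.PrivateDns and Az.Network
# and an authenticated session (Connect-AzAccount). All names below are assumed.
$rg   = 'rg-dns-demo'               # assumed: existing resource group
$zone = 'corp.contoso.internal'     # assumed zone name; deliberately not .local

# 1. Create the private zone. Nothing can resolve it until a VNet is linked.
New-AzPrivateDnsZone -ResourceGroupName $rg -Name $zone

# 2. Link the workload VNet with autoregistration: A records for its VMs are
#    created, updated on IP change, and removed on VM deletion by Azure DNS.
$vnetApp = Get-AzVirtualNetwork -ResourceGroupName $rg -Name 'vnet-app'    # assumed
New-AzPrivateDnsVirtualNetworkLink -ResourceGroupName $rg -ZoneName $zone `
    -Name 'link-vnet-app' -VirtualNetworkId $vnetApp.Id -EnableRegistration

# 3. Link a second VNet for resolution only. It can resolve every record in the
#    zone but publishes nothing into it. A VNet may have autoregistration enabled
#    against only one private zone, so resolution-only links are the norm for others.
$vnetMgmt = Get-AzVirtualNetwork -ResourceGroupName $rg -Name 'vnet-mgmt'  # assumed
New-AzPrivateDnsVirtualNetworkLink -ResourceGroupName $rg -ZoneName $zone `
    -Name 'link-vnet-mgmt' -VirtualNetworkId $vnetMgmt.Id

# 4. Add a manually managed record next to the autoregistered ones, for example a
#    stable name for an internal API endpoint.
$apiRecord = New-AzPrivateDnsRecordConfig -IPv4Address '10.10.0.4'         # assumed IP
New-AzPrivateDnsRecordSet -ResourceGroupName $rg -ZoneName $zone -Name 'api' `
    -RecordType A -Ttl 300 -PrivateDnsRecords $apiRecord

# 5. Review the zone. Autoregistered VM records show IsAutoRegistered = True;
#    the manual 'api' record does not. Both linked VNets resolve all of them.
Get-AzPrivateDnsRecordSet -ResourceGroupName $rg -ZoneName $zone -RecordType A |
    Select-Object Name, Ttl, IsAutoRegistered,
        @{ n = 'IPv4'; e = { ($_.Records | ForEach-Object IPv4Address) -join ',' } }

# 6. From a Windows VM inside vnet-app, a forward lookup of a registered VM works
#    by hostname plus the zone suffix (run this on the VM, not from the workstation):
#    Resolve-DnsName -Name "vm-web-01.$zone" -Type A
```

Removing a link (Remove-AzPrivateDnsVirtualNetworkLink) immediately withdraws the whole zone from that virtual network, which is the only access-revocation lever the service offers.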

Diagram: DNS overview.

Note

As a best practice, do not use a .local domain for your private DNS zone. Not all operating systems support this: .local is reserved for multicast DNS (RFC 6762), and resolvers such as Avahi and systemd-resolved answer it via link-local multicast instead of sending the query to Azure DNS.

Benefits

Azure Private DNS provides the following benefits:

  • Removes the need for custom DNS solutions. Previously, many customers created custom DNS solutions to manage DNS zones in their virtual network. You can now manage DNS zones using the native Azure infrastructure, which removes the burden of creating and managing custom DNS solutions.

  • Use all common DNS record types. Azure DNS supports A, AAAA, CNAME, MX, PTR, SOA, SRV, and TXT records.

  • Automatic hostname record management. Along with hosting your custom DNS records, Azure automatically maintains hostname records for the VMs in the specified virtual networks. In this scenario, you can optimize the domain names you use without needing to create custom DNS solutions or modify applications.

  • Hostname resolution between virtual networks. Unlike Azure-provided host names, private DNS zones can be shared between virtual networks. This capability simplifies cross-network and service-discovery scenarios, such as virtual network peering.

  • Familiar tools and user experience. To reduce the learning curve, this service uses well-established Azure DNS tools (Azure portal, Azure PowerShell, Azure CLI, Azure Resource Manager templates, and the REST API).

  • Split-horizon DNS support. With Azure DNS, you can create zones with the same name that resolve to different answers from within a virtual network and from the public internet. A typical scenario for split-horizon DNS is to provide a dedicated version of a service for use inside your virtual network.

  • Available in all Azure regions. The Azure DNS private zones feature is available in all Azure regions in the Azure cloud.
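The split-horizon scenario from the list above, as an added Azure PowerShell example that is not code from the original page. The same zone name, contoso.com, is created twice: once as a public Azure DNS zone (Az.Dns) and once as a private zone (Az.PrivateDns) linked to a virtual network. The resource group, virtual network name and both IP addresses are assumptions; delegation of the public zone to the Azure name servers at your registrar is also assumed.

```powershell
# Added example, not from the Azure docs page. Names, IPs and the VNet are assumed.
$rg       = 'rg-dns-demo'   # assumed, existing
$zoneName = 'contoso.com'   # assumed; the public and private zones share this name

# Public zone: the answer the internet sees for app.contoso.com.
New-AzDnsZone -ResourceGroupName $rg -Name $zoneName
New-AzDnsRecordSet -ResourceGroupName $rg -ZoneName $zoneName -Name 'app' `
    -RecordType A -Ttl 300 `
    -DnsRecords (New-AzDnsRecordConfig -Ipv4Address '203.0.113.10')   # assumed public IP

# Private zone with the identical name, linked (resolution only) to the app VNet.
New-AzPrivateDnsZone -ResourceGroupName $rg -Name $zoneName
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rg -Name 'vnet-app'          # assumed
New-AzPrivateDnsVirtualNetworkLink -ResourceGroupName $rg -ZoneName $zoneName `
    -Name 'link-vnet-app' -VirtualNetworkId $vnet.Id
New-AzPrivateDnsRecordSet -ResourceGroupName $rg -ZoneName $zoneName -Name 'app' `
    -RecordType A -Ttl 300 `
    -PrivateDnsRecords (New-AzPrivateDnsRecordConfig -IPv4Address '10.10.0.4')  # assumed private IP

# Verification, run on a Windows VM inside vnet-app: the private zone answers,
# so the result is 10.10.0.4. The same query from outside Azure returns 203.0.113.10.
Resolve-DnsName -Name "app.$zoneName" -Type A | Select-Object Name, IPAddress

# Caveat: once a private zone named contoso.com is linked, it is authoritative for
# that name inside the VNet. A record that exists only in the public zone
# (for example www.contoso.com) returns NXDOMAIN from the VNet; Azure DNS does not
# fall back to the public zone. Publish every name the VNet needs in the private zone.
Resolve-DnsName -Name "www.$zoneName" -Type A -ErrorAction SilentlyContinue
```

Keep the two zones' record sets in a single source of truth (a template or script) so that a name added publicly is consciously either mirrored privately or intentionally hidden from the virtual network.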

Capabilities

Azure DNS provides the following capabilities:

  • Automatic registration of virtual machines from a virtual network that's linked to a private zone with autoregistration enabled. The virtual machines are registered (added) to the private zone as A records pointing to their private IP addresses. When a virtual machine in a virtual network link with autoregistration enabled is deleted, Azure DNS also automatically removes the corresponding DNS record from the linked private zone.

  • Forward DNS resolution is supported across virtual networks that are linked to the private zone. Cross-virtual-network DNS resolution has no requirement that the virtual networks be peered with each other. However, you might want to peer virtual networks for other scenarios (for example, HTTP traffic).

  • Reverse DNS lookup is supported within the virtual-network scope. Reverse DNS lookup for a private IP within a virtual network linked to a private zone returns the FQDN that includes the host/record name and the zone name as the suffix.

Other considerations

Azure DNS has the following limitations:

  • A specific virtual network can be linked to only one private zone if automatic registration of VM DNS records is enabled. You can, however, link multiple virtual networks to a single DNS zone.
  • Reverse DNS works only for private IP space in the linked virtual network.
  • Reverse DNS for a private IP address in a linked virtual network returns internal.chinacloudapp.cn as the default suffix for the virtual machine. For virtual networks that are linked to a private zone with autoregistration enabled, reverse DNS for a private IP address returns two FQDNs: one with the default suffix internal.chinacloudapp.cn and another with the private zone suffix.
  • Conditional forwarding is not currently natively supported. To enable resolution between Azure and on-premises networks, see Name resolution for VMs and role instances.
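A read-only audit that checks existing zones against the considerations above (the .local note, the all-or-nothing scope of a link, and the one-autoregistration-zone-per-VNet rule), as an added Azure PowerShell example that is not code from the original page. It assumes an authenticated Az session with Reader on the zones; zone, link and VNet names come from whatever is in the subscription.

```powershell
# Added example, not from the Azure docs page. Requires Az.PrivateDns and a
# Connect-AzAccount session with Reader on the private zones being audited.
function Get-PrivateDnsZoneAudit {
    foreach ($zone in Get-AzPrivateDnsZone) {
        $links = @(Get-AzPrivateDnsVirtualNetworkLink `
                    -ResourceGroupName $zone.ResourceGroupName -ZoneName $zone.Name)
        $findings = @()

        # .local collides with multicast DNS on several operating systems.
        if ($zone.Name -like '*.local') { $findings += 'zone name ends in .local' }

        # A zone with no links resolves nowhere; usually a leftover worth deleting.
        if ($links.Count -eq 0) { $findings += 'no virtual network links' }

        foreach ($link in $links) {
            # A link is all-or-nothing: every workload in the VNet resolves every
            # record. Review the linked VNet list the way you would review an ACL.
            if ($link.VirtualNetworkLinkState -ne 'Completed') {
                $findings += "link $($link.Name) is in state $($link.VirtualNetworkLinkState)"
            }
        }

        [pscustomobject]@{
            Zone              = $zone.Name
            ResourceGroup     = $zone.ResourceGroupName
            RecordSets        = $zone.NumberOfRecordSets
            # Last segment of the VNet resource ID is the VNet name.
            LinkedVNets       = ($links | ForEach-Object { ($_.VirtualNetworkId -split '/')[-1] }) -join ','
            # Azure enforces at most one registration-enabled link per VNet across
            # all zones; this column shows which zones carry the registration role.
            RegistrationLinks = @($links | Where-Object RegistrationEnabled).Count
            Findings          = $findings -join '; '
        }
    }
}

Get-PrivateDnsZoneAudit | Format-Table -AutoSize

# Reverse-lookup check, run on a Windows VM inside a linked VNet (not from the
# workstation). For a VM registered by autoregistration this returns two PTR
# answers: the default-suffix FQDN and the private-zone FQDN.
#   Resolve-DnsName -Name 10.10.0.5 -Type PTR      # 10.10.0.5 is an assumed VM IP
```

Run the audit as part of change review whenever a new link is requested; the LinkedVNets column is the effective list of networks that can read the zone, which the portal only shows one zone at a time.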

Pricing

For pricing information, see Azure DNS Pricing.

Next steps