本快速入门介绍如何使用 Azure 资源管理器模板(ARM 模板)来创建 Azure DNS 专用解析程序。
Azure 资源管理器模板是定义项目基础结构和配置的 JavaScript 对象表示法 (JSON) 文件。 模板使用声明性语法。 你可以在不编写用于创建部署的编程命令序列的情况下,描述预期部署。
下图总结了所使用的常规设置。 模板中使用的子网地址范围与图中所示的子网地址范围略有不同。
如果你的环境满足先决条件,并且你熟悉如何使用 ARM 模板,请选择“部署到 Azure”按钮。 Azure 门户中会打开模板。
如果没有 Azure 订阅,可在开始前创建一个试用帐户。
本快速入门中使用的模板来自 Azure 快速启动模板。
此模板配置为创建:
- 虚拟网络
- DNS 解析程序
- 入站和出站终结点
- 转发规则和规则集。
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.17.1.54307",
"templateHash": "4642931119059320905"
}
},
"parameters": {
"resolverVNETName": {
"type": "string",
"defaultValue": "dnsresolverVNET",
"metadata": {
"description": "name of the new virtual network where DNS resolver will be created"
}
},
"resolverVNETAddressSpace": {
"type": "string",
"defaultValue": "10.7.0.0/24",
"metadata": {
"description": "the IP address space for the resolver virtual network"
}
},
"dnsResolverName": {
"type": "string",
"defaultValue": "dnsResolver",
"metadata": {
"description": "name of the dns private resolver"
}
},
"location": {
"type": "string",
"allowedValues": [
"chinanorth3"
],
"metadata": {
"description": "the location for resolver VNET and dns private resolver - Azure DNS Private Resolver available in specific region, refer the documenation to select the supported region for this deployment. For more information https://docs.azure.cn/dns/dns-private-resolver-overview#regional-availability"
}
},
"inboundSubnet": {
"type": "string",
"defaultValue": "snet-inbound",
"metadata": {
"description": "name of the subnet that will be used for private resolver inbound endpoint"
}
},
"inboundAddressPrefix": {
"type": "string",
"defaultValue": "10.7.0.0/28",
"metadata": {
"description": "the inbound endpoint subnet address space"
}
},
"outboundSubnet": {
"type": "string",
"defaultValue": "snet-outbound",
"metadata": {
"description": "name of the subnet that will be used for private resolver outbound endpoint"
}
},
"outboundAddressPrefix": {
"type": "string",
"defaultValue": "10.7.0.16/28",
"metadata": {
"description": "the outbound endpoint subnet address space"
}
},
"resolvervnetlink": {
"type": "string",
"defaultValue": "vnetlink",
"metadata": {
"description": "name of the vnet link that links outbound endpoint with forwarding rule set"
}
},
"forwardingRulesetName": {
"type": "string",
"defaultValue": "forwardingRule",
"metadata": {
"description": "name of the forwarding ruleset"
}
},
"forwardingRuleName": {
"type": "string",
"defaultValue": "contosocom",
"metadata": {
"description": "name of the forwarding rule name"
}
},
"DomainName": {
"type": "string",
"defaultValue": "contoso.com.",
"metadata": {
"description": "the target domain name for the forwarding ruleset"
}
},
"targetDNS": {
"type": "array",
"defaultValue": [
{
"ipaddress": "10.0.0.4",
"port": 53
},
{
"ipaddress": "10.0.0.5",
"port": 53
}
],
"metadata": {
"description": "the list of target DNS servers ip address and the port number for conditional forwarding"
}
}
},
"resources": [
{
"type": "Microsoft.Network/dnsResolvers",
"apiVersion": "2022-07-01",
"name": "[parameters('dnsResolverName')]",
"location": "[parameters('location')]",
"properties": {
"virtualNetwork": {
"id": "[resourceId('Microsoft.Network/virtualNetworks', parameters('resolverVNETName'))]"
}
},
"dependsOn": [
"[resourceId('Microsoft.Network/virtualNetworks', parameters('resolverVNETName'))]"
]
},
{
"type": "Microsoft.Network/dnsResolvers/inboundEndpoints",
"apiVersion": "2022-07-01",
"name": "[format('{0}/{1}', parameters('dnsResolverName'), parameters('inboundSubnet'))]",
"location": "[parameters('location')]",
"properties": {
"ipConfigurations": [
{
"privateIpAllocationMethod": "Dynamic",
"subnet": {
"id": "[format('{0}/subnets/{1}', resourceId('Microsoft.Network/virtualNetworks', parameters('resolverVNETName')), parameters('inboundSubnet'))]"
}
}
]
},
"dependsOn": [
"[resourceId('Microsoft.Network/dnsResolvers', parameters('dnsResolverName'))]",
"[resourceId('Microsoft.Network/virtualNetworks', parameters('resolverVNETName'))]"
]
},
{
"type": "Microsoft.Network/dnsResolvers/outboundEndpoints",
"apiVersion": "2022-07-01",
"name": "[format('{0}/{1}', parameters('dnsResolverName'), parameters('outboundSubnet'))]",
"location": "[parameters('location')]",
"properties": {
"subnet": {
"id": "[format('{0}/subnets/{1}', resourceId('Microsoft.Network/virtualNetworks', parameters('resolverVNETName')), parameters('outboundSubnet'))]"
}
},
"dependsOn": [
"[resourceId('Microsoft.Network/dnsResolvers', parameters('dnsResolverName'))]",
"[resourceId('Microsoft.Network/virtualNetworks', parameters('resolverVNETName'))]"
]
},
{
"type": "Microsoft.Network/dnsForwardingRulesets",
"apiVersion": "2022-07-01",
"name": "[parameters('forwardingRulesetName')]",
"location": "[parameters('location')]",
"properties": {
"dnsResolverOutboundEndpoints": [
{
"id": "[resourceId('Microsoft.Network/dnsResolvers/outboundEndpoints', parameters('dnsResolverName'), parameters('outboundSubnet'))]"
}
]
},
"dependsOn": [
"[resourceId('Microsoft.Network/dnsResolvers/outboundEndpoints', parameters('dnsResolverName'), parameters('outboundSubnet'))]"
]
},
{
"type": "Microsoft.Network/dnsForwardingRulesets/virtualNetworkLinks",
"apiVersion": "2022-07-01",
"name": "[format('{0}/{1}', parameters('forwardingRulesetName'), parameters('resolvervnetlink'))]",
"properties": {
"virtualNetwork": {
"id": "[resourceId('Microsoft.Network/virtualNetworks', parameters('resolverVNETName'))]"
}
},
"dependsOn": [
"[resourceId('Microsoft.Network/dnsForwardingRulesets', parameters('forwardingRulesetName'))]",
"[resourceId('Microsoft.Network/virtualNetworks', parameters('resolverVNETName'))]"
]
},
{
"type": "Microsoft.Network/dnsForwardingRulesets/forwardingRules",
"apiVersion": "2022-07-01",
"name": "[format('{0}/{1}', parameters('forwardingRulesetName'), parameters('forwardingRuleName'))]",
"properties": {
"domainName": "[parameters('DomainName')]",
"targetDnsServers": "[parameters('targetDNS')]"
},
"dependsOn": [
"[resourceId('Microsoft.Network/dnsForwardingRulesets', parameters('forwardingRulesetName'))]"
]
},
{
"type": "Microsoft.Network/virtualNetworks",
"apiVersion": "2022-01-01",
"name": "[parameters('resolverVNETName')]",
"location": "[parameters('location')]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[parameters('resolverVNETAddressSpace')]"
]
},
"enableDdosProtection": false,
"enableVmProtection": false,
"subnets": [
{
"name": "[parameters('inboundSubnet')]",
"properties": {
"addressPrefix": "[parameters('inboundAddressPrefix')]",
"delegations": [
{
"name": "Microsoft.Network.dnsResolvers",
"properties": {
"serviceName": "Microsoft.Network/dnsResolvers"
}
}
]
}
},
{
"name": "[parameters('outboundSubnet')]",
"properties": {
"addressPrefix": "[parameters('outboundAddressPrefix')]",
"delegations": [
{
"name": "Microsoft.Network.dnsResolvers",
"properties": {
"serviceName": "Microsoft.Network/dnsResolvers"
}
}
]
}
}
]
}
}
]
}
此模板中定义了七个资源:
- Microsoft.Network/virtualnetworks
- Microsoft.Network/dnsResolvers
- Microsoft.Network/dnsResolvers/inboundEndpoints
- Microsoft.Network/dnsResolvers/outboundEndpoints
- Microsoft.Network/dnsForwardingRulesets
- Microsoft.Network/dnsForwardingRulesets/forwardingRules
- Microsoft.Network/dnsForwardingRulesets/virtualNetworkLinks
read -p "Enter the location: " location
resourceGroupName="exampleRG"
templateUri="https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/quickstarts/microsoft.network/azure-dns-private-resolver/azuredeploy.json"
az group create \
--name $resourceGroupName \
--locataion $location
az deployment group create \
--resource-group $resourceGroupName \
--template-uri $templateUri
登录 Azure 门户。
从左侧窗格中选择“资源组”。
选择你在上一部分中创建的资源组。
资源组应包含以下资源:
选择 DNS 专用解析程序服务以验证预配状态和当前状态。
选择“入站终结点”和“出站终结点”,以验证是否已创建终结点以及出站终结点是否与转发规则集相关联。
从出站终结点页中选择“关联的规则集”,以验证是否创建转发规则集和规则。
验证解析程序虚拟网络是否与转发规则集建立链接。
在本快速入门中,你创建了虚拟网络和 DNS 专用解析程序。 现在为 Azure 和本地域配置名称解析。