
Azure Private DNS FAQ

The following are frequently asked questions about Azure private DNS.

Does Azure DNS support private domains?

Private domains are supported using the Azure Private DNS zones feature. Private DNS zones are resolvable only from within specified virtual networks. For more information, see the overview.

For information on other internal DNS options in Azure, see Name resolution for VMs and role instances.

Will Azure Private DNS zones work across Azure regions?

Yes. Private zones are supported for DNS resolution between virtual networks across Azure regions. Private zones work even without explicitly peering the virtual networks. All the virtual networks must be linked to the private DNS zone.

Is connectivity to the Internet from virtual networks required for private zones?

No. Private zones work along with virtual networks. You use them to manage domains for virtual machines or other resources within and across virtual networks. Internet connectivity isn't required for name resolution.

Can the same private zone be used for several virtual networks for resolution?

Yes. You can link a private DNS zone with thousands of virtual networks. For more information, see Azure DNS Limits.

Can a virtual network that belongs to a different subscription be linked to a private zone?

Yes. You must have write operation permission on the virtual networks and the private DNS zone. The write permission can be granted to several RBAC roles. For example, the Classic Network Contributor RBAC role has write permissions on virtual networks, and the Private DNS zones Contributor role has write permissions on the private DNS zones. For more information on RBAC roles, see Role-based access control.

Will the automatically registered virtual machine DNS records in a private zone be automatically deleted when you delete the virtual machine?

Yes. If you delete a virtual machine within a linked virtual network with autoregistration enabled, the registered records are automatically deleted.

Can an automatically registered virtual machine record in a private zone from a linked virtual network be deleted manually?

Yes. You can overwrite the automatically registered DNS records with a manually created DNS record in the zone. The following question and answer address this topic.

What happens when I try to manually create a new DNS record into a private zone that has the same hostname as an automatically registered existing virtual machine in a linked virtual network?

You try to manually create a new DNS record into a private zone that has the same hostname as an existing, automatically registered virtual machine in a linked virtual network. When you do, the new DNS record overwrites the automatically registered virtual machine record. If you try to delete this manually created DNS record from the zone again, the delete succeeds. The automatic registration happens again as long as the virtual machine still exists and has a private IP attached to it. The DNS record is re-created automatically in the zone.
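One way to audit a zone for the overwrite behavior described above, as an added example that is not Microsoft's code: it compares a zone's A record sets with a VM inventory and flags manual records that have replaced an autoregistered hostname. The sample data is constructed, and the JSON field names (`name`, `isAutoRegistered`, `aRecords`, `ipv4Address`) are an assumption modeled on Azure CLI record-set output.

```python
import json

# Constructed sample of a private zone's A record sets. Field names are an
# assumption modeled on `az network private-dns record-set a list` output.
ZONE_A_RECORDS = json.loads("""[
 {"name": "web01", "isAutoRegistered": true,  "aRecords": [{"ipv4Address": "10.0.0.4"}]},
 {"name": "db01",  "isAutoRegistered": false, "aRecords": [{"ipv4Address": "10.0.9.50"}]},
 {"name": "App01", "isAutoRegistered": false, "aRecords": [{"ipv4Address": "10.0.0.6"}]},
 {"name": "vip",   "isAutoRegistered": false, "aRecords": [{"ipv4Address": "10.0.0.100"}]}
]""")

# Constructed inventory: hostname -> private IP for VMs in the linked
# virtual network that has autoregistration enabled.
VM_INVENTORY = {"web01": "10.0.0.4", "db01": "10.0.0.5", "app01": "10.0.0.6"}


def find_overwritten_records(record_sets, vm_inventory):
    """Flag manual A records that have replaced a VM's autoregistered name.

    status "redirected": the name does not resolve to the VM's private IP.
    status "manual_same_ip": same IP, but the record is a manual one.
    """
    inventory = {host.lower(): ip for host, ip in vm_inventory.items()}
    findings = []
    for rs in record_sets:
        name = rs["name"].lower()  # DNS names compare case-insensitively
        if rs.get("isAutoRegistered") or name not in inventory:
            continue  # autoregistered, or not a VM hostname (e.g. "vip")
        ips = sorted(r["ipv4Address"] for r in rs.get("aRecords") or [])
        status = "manual_same_ip" if ips == [inventory[name]] else "redirected"
        findings.append({"name": name, "vm_ip": inventory[name],
                         "record_ips": ips, "status": status})
    return findings


if __name__ == "__main__":
    for f in find_overwritten_records(ZONE_A_RECORDS, VM_INVENTORY):
        print(f"{f['status']:<15} {f['name']:<8} VM={f['vm_ip']} zone={f['record_ips']}")
```

A "redirected" finding means clients in every linked virtual network resolve that hostname to an address other than the VM's, so it is worth correlating with who holds write permission on the zone.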

Yes. To unlink a linked virtual network from a private zone, you update the DNS zone to remove the associated virtual network link. In this process, virtual machine records that were automatically registered are removed from the zone.

No. When you delete a linked virtual network without unlinking it from a private zone first, your deletion operation succeeds and the links to the DNS zone are automatically cleared.

Will DNS resolution by using the default FQDN (internal.cloudapp.net) still work even when a private zone (for example, private.contoso.com) is linked to a virtual network?

Yes. Private zones don't replace the default Azure-provided internal.cloudapp.net zone. Whether you rely on the Azure-provided internal.cloudapp.net or on your own private zone, use the FQDN of the zone you want to resolve against.

Will the DNS suffix on virtual machines within a linked virtual network be changed to that of the private zone?

No. The DNS suffix on the virtual machines in your linked virtual network stays as the default Azure-provided suffix ("*.internal.cloudapp.net"). You can manually change this DNS suffix on your virtual machines to that of the private zone. For guidance on how to change this suffix, refer to Use dynamic DNS to register hostnames in your own DNS server.

What are the usage limits for Azure DNS Private zones?

Refer to Azure DNS limits for details on the usage limits for Azure DNS private zones.

Why don’t my existing private DNS zones show up in the new portal experience?

If your existing private DNS zones were created using the preview API, you must migrate these zones to the new resource model. Private DNS zones created using the preview API will not show up in the new portal experience. See below for instructions on how to migrate to the new resource model.

How do I migrate my existing private DNS zones to the new model?

We strongly recommend that you migrate to the new resource model as soon as possible. The legacy resource model will be supported; however, further features will not be developed on top of this model. In the future, we intend to deprecate it in favor of the new resource model. For guidance on how to migrate your existing private DNS zones to the new resource model, see the migration guide for Azure DNS private zones.
