什麼是 Azure DNS?What is Azure DNS?

Azure DNS 是 DNS 網域的主機服務,採用 Microsoft Azure 基礎結構來提供名稱解析。Azure DNS is a hosting service for DNS domains that provides name resolution by using Microsoft Azure infrastructure. 只要將您的網域裝載於 Azure,就可以像管理其他 Azure 服務一樣,使用相同的認證、API、工具和計費方式來管理 DNS 記錄。By hosting your domains in Azure, you can manage your DNS records by using the same credentials, APIs, tools, and billing as your other Azure services.

您無法使用 Azure DNS 來購買網域名稱。You can't use Azure DNS to buy a domain name. 如果支付年費,則可以使用 App Service 網域或第三方網域名稱註冊機構來購買網域名稱。For an annual fee, you can buy a domain name by using App Service domains or a third-party domain name registrar. 然後,便可以在 Azure DNS 中裝載您的網域以管理記錄。Your domains then can be hosted in Azure DNS for record management. 如需詳細資訊,請參閱將網域委派給 Azure DNSFor more information, see Delegate a domain to Azure DNS.

Azure DNS 包含下列功能。The following features are included with Azure DNS.

可靠性和效能Reliability and performance

Azure DNS 中的 DNS 網域裝載於 Azure 的 DNS 名稱伺服器全球網路。DNS domains in Azure DNS are hosted on Azure's global network of DNS name servers. Azure DNS 會使用「任一傳播」網路。Azure DNS uses anycast networking. 每個 DNS 查詢是由最接近的可用 DNS 伺服器回答,而為您的網域提供快速的效能和高可用性。Each DNS query is answered by the closest available DNS server to provide fast performance and high availability for your domain.

安全性Security

Azure DNS 以 Azure Resource Manager 為基礎,可提供下功能:Azure DNS is based on Azure Resource Manager, which provides features such as:

  • Azure 角色型存取控制 (Azure RBAC),用以控制哪些人能存取組織的特定動作。Azure role-based access control (Azure RBAC) to control who has access to specific actions for your organization.

  • 活動記錄,用以監視組織中的使用者修改資源的情形,或在進行疑難排解時找出錯誤。Activity logs to monitor how a user in your organization modified a resource or to find an error when troubleshooting.

  • 資源鎖定,用以鎖定訂用帳戶、資源群組或資源。Resource locking to lock a subscription, resource group, or resource. 鎖定可避免組織中的其他使用者不小心刪除或修改重要資源。Locking prevents other users in your organization from accidentally deleting or modifying critical resources.

如需詳細資訊,請參閱如何保護 DNS 區域和記錄For more information, see How to protect DNS zones and records.

DNSSECDNSSEC

Azure DNS 目前不支援 DNSSEC。Azure DNS does not currently support DNSSEC. 在大部分情況下,您可以藉著在您的應用程式中一致使用 HTTPS/TLS 來減少 DNSSEC 的需求。In most cases, you can reduce the need for DNSSEC by consistently using HTTPS/TLS in your applications. 如果 DNSSEC 是 DNS 區域的重要需求,您可以使用協力廠商 DNS 主機服務提供者來裝載這些區域。If DNSSEC is a critical requirement for your DNS zones, you can host these zones with third-party DNS hosting providers.

容易使用Ease of use

Azure DNS 可為您的 Azure 服務管理 DNS 記錄,也可為您的外部資源提供 DNS。Azure DNS can manage DNS records for your Azure services and provide DNS for your external resources as well. Azure DNS 已在 Azure 入口網站中進行整合,並且使用與您其他 Azure 服務相同的認證、支援合約和計費。Azure DNS is integrated in the Azure portal and uses the same credentials, support contract, and billing as your other Azure services.

DNS 會依據 Azure 所裝載的 DNS 區域數量,以及所接收的 DNS 查詢數量計費。DNS billing is based on the number of DNS zones hosted in Azure and on the number of DNS queries received. 若要深入了解定價,請參閱 Azure DNS 定價To learn more about pricing, see Azure DNS pricing.

您可以使用 Azure 入口網站、Azure PowerShell Cmdlet 和跨平台 Azure CLI 來管理網域和記錄。Your domains and records can be managed by using the Azure portal, Azure PowerShell cmdlets, and the cross-platform Azure CLI. 需要自動化 DNS 管理的應用程式,可以使用 REST API 和 SDK 與服務進行整合。Applications that require automated DNS management can integrate with the service by using the REST API and SDKs.

使用私人網域的可自訂虛擬網路Customizable virtual networks with private domains

Azure DNS 也支援私人 DNS 網域。Azure DNS also supports private DNS domains. 此功能可讓您在私人虛擬網路中使用自己的自訂網域名稱,而不是 Azure 目前提供的可用名稱。This feature allows you to use your own custom domain names in your private virtual networks rather than the Azure-provided names available today.

如需詳細資訊,請參閱將 Azure DNS 用於私人網域For more information, see Use Azure DNS for private domains.

別名記錄Alias records

Azure DNS 支援別名記錄集。Azure DNS supports alias record sets. 您可以使用別名記錄集以參考 Azure 資源,例如 Azure 共用 IP 位址、Azure 流量管理員設定檔,或 Azure 內容傳遞網路 (CDN) 端點。You can use an alias record set to refer to an Azure resource, such as an Azure public IP address, an Azure Traffic Manager profile, or an Azure Content Delivery Network (CDN) endpoint. 如果基礎資源的 IP 位址變更,別名記錄集會在 DNS 解析期間自行順暢地更新。If the IP address of the underlying resource changes, the alias record set seamlessly updates itself during DNS resolution. 別名記錄集指向服務執行個體,而且服務執行個體與 IP 位址相關聯。The alias record set points to the service instance, and the service instance is associated with an IP address.

此外,您現在可以使用別名記錄,將您的 apex 或裸網域指向流量管理員設定檔或 CDN 端點。Also, you can now point your apex or naked domain to a Traffic Manager profile or CDN endpoint using an alias record. 例如 contoso.com。An example is contoso.com.

如需詳細資訊,請參閱 Azure DNS 別名記錄的概觀For more information, see Overview of Azure DNS alias records.

後續步驟Next steps