What is Azure Private DNS?

The Domain Name System, or DNS, is responsible for translating (or resolving) a service name to its IP address. Azure DNS is a hosting service for DNS domains, providing name resolution using the Microsoft Azure infrastructure. In addition to supporting internet-facing DNS domains, Azure DNS also supports private DNS zones.

Azure Private DNS provides a reliable, secure DNS service to manage and resolve domain names in a virtual network without the need to add a custom DNS solution. By using private DNS zones, you can use your own custom domain names rather than the Azure-provided names available today. Using custom domain names helps you to tailor your virtual network architecture to best suit your organization's needs. It provides name resolution for virtual machines (VMs) within a virtual network and between virtual networks. Additionally, you can configure zone names with a split-horizon view, which allows a private and a public DNS zone to share the same name.

To resolve the records of a private DNS zone from your virtual network, you must link the virtual network with the zone. Linked virtual networks have full access and can resolve all DNS records published in the private zone. You can also enable autoregistration on a virtual network link. If you enable autoregistration on a virtual network link, the DNS records for the virtual machines on that virtual network are registered in the private zone. When autoregistration is enabled, Azure DNS also updates the zone records whenever a virtual machine is created, changes its IP address, or is deleted.

DNS overview

Note

As a best practice, do not use a .local domain for your private DNS zone. Not all operating systems support this.

Benefits

Azure Private DNS provides the following benefits:

  • Removes the need for custom DNS solutions. Previously, many customers created custom DNS solutions to manage DNS zones in their virtual network. You can now manage DNS zones using the native Azure infrastructure, which removes the burden of creating and managing custom DNS solutions.

  • Use all common DNS record types. Azure DNS supports A, AAAA, CNAME, MX, PTR, SOA, SRV, and TXT records.

  • Automatic hostname record management. Along with hosting your custom DNS records, Azure automatically maintains hostname records for the VMs in the specified virtual networks. In this scenario, you can optimize the domain names you use without needing to create custom DNS solutions or modify applications.

  • Hostname resolution between virtual networks. Unlike Azure-provided host names, private DNS zones can be shared between virtual networks. This capability simplifies cross-network and service-discovery scenarios, such as virtual network peering.

  • Familiar tools and user experience. To reduce the learning curve, this service uses well-established Azure DNS tools (Azure portal, Azure PowerShell, Azure CLI, Azure Resource Manager templates, and the REST API).

  • Split-horizon DNS support. With Azure DNS, you can create zones with the same name that resolve to different answers from within a virtual network and from the public internet. A typical scenario for split-horizon DNS is to provide a dedicated version of a service for use inside your virtual network.

  • Available in all Azure regions. The Azure DNS private zones feature is available in all Azure regions in the Azure public cloud.

Capabilities

Azure DNS provides the following capabilities:

  • Automatic registration of virtual machines from a virtual network that's linked to a private zone with autoregistration enabled. The virtual machines are registered (added) to the private zone as A records pointing to their private IP addresses. When a virtual machine in a virtual network link with autoregistration enabled is deleted, Azure DNS also automatically removes the corresponding DNS record from the linked private zone.

  • Forward DNS resolution is supported across virtual networks that are linked to the private zone. Cross-virtual network DNS resolution has no explicit dependency on the virtual networks being peered with each other. However, you might want to peer virtual networks for other scenarios (for example, HTTP traffic).

  • Reverse DNS lookup is supported within the virtual-network scope. Reverse DNS lookup for a private IP within the virtual network assigned to a private zone returns the FQDN that includes the host/record name and the zone name as the suffix.

Other considerations

Azure DNS has the following limitations:

  • A specific virtual network can be linked to only one private zone if automatic registration of VM DNS records is enabled. You can, however, link multiple virtual networks to a single DNS zone.
  • Reverse DNS works only for private IP space in the linked virtual network.
  • Reverse DNS for a private IP address for a linked virtual network returns internal.cloudapp.net as the default suffix for the virtual machine. For virtual networks that are linked to a private zone with autoregistration enabled, reverse DNS for a private IP address returns two FQDNs: one with the default suffix internal.cloudapp.net and another with the private zone suffix.
  • Conditional forwarding is not currently natively supported. To enable resolution between Azure and on-premises networks, see Name resolution for VMs and role instances.
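
The rules above can be checked against a planned set of virtual network links before deployment. The following is an added example, not code from the original page or from Azure: the record shape, zone names and virtual network names are constructed for illustration. It flags a virtual network that would autoregister into more than one private zone, flags zones under .local, notes private zones that share a name with a public zone (split-horizon), and lists which virtual networks can resolve every record in each zone.

```python
from collections import defaultdict

# Constructed sample of a planned configuration; every name is hypothetical.
PLANNED_LINKS = [
    {"zone": "corp.example.com", "vnet": "vnet-hub", "autoregistration": True},
    {"zone": "corp.example.com", "vnet": "vnet-spoke", "autoregistration": False},
    {"zone": "data.example.com", "vnet": "vnet-hub", "autoregistration": True},
    {"zone": "apps.local", "vnet": "vnet-lab", "autoregistration": False},
]
PUBLIC_ZONES = ["corp.example.com"]


def norm(name):
    """Compare zone names case-insensitively and without a trailing dot."""
    return name.lower().rstrip(".")


def audit(links, public_zones):
    """Return (findings, readers): items to review and who can resolve each zone."""
    findings = []
    readers = defaultdict(set)   # zone -> vnets that can resolve all its records
    autoreg = defaultdict(set)   # vnet -> zones it would autoregister into
    for link in links:
        zone = norm(link["zone"])
        readers[zone].add(link["vnet"])
        if link["autoregistration"]:
            autoreg[link["vnet"]].add(zone)
    # Limitation: with autoregistration, a vnet can be linked to only one zone.
    for vnet, zones in sorted(autoreg.items()):
        if len(zones) > 1:
            findings.append(("multi-autoregistration", vnet, sorted(zones)))
    public = {norm(z) for z in public_zones}
    for zone in sorted(readers):
        # Best practice from the note: avoid .local for private zones.
        if zone == "local" or zone.endswith(".local"):
            findings.append(("dot-local-zone", zone, sorted(readers[zone])))
        # Same name as a public zone: answers differ inside and outside the vnet.
        if zone in public:
            findings.append(("split-horizon", zone, sorted(readers[zone])))
    return findings, {z: sorted(v) for z, v in readers.items()}


if __name__ == "__main__":
    results, reader_map = audit(PLANNED_LINKS, PUBLIC_ZONES)
    for kind, subject, detail in results:
        print(f"{kind}: {subject} -> {detail}")
    for zone, vnets in sorted(reader_map.items()):
        print(f"{zone} is resolvable from {vnets}")
```

The split-horizon entry is informational rather than a violation; it marks names whose answers should be reviewed on both the private and public side.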

Pricing

For pricing information, see Azure DNS Pricing.

Next steps