堆栈内存溢出
  简体   繁体   English

是否有必要为 Azure 中的 PaaS 服务的私有端点创建私有 DNS 区域?

[英]Is it necessary to create a private DNS zone for private endpoints to PaaS services in Azure?

 原文  2022-09-27 12:10:56       azure/ azure-storage/ azure-dns

问题描述

Right now I'm creating some private endpoints for a number of Azure Storage services.现在我正在为一些 Azure 存储服务创建一些私有端点。 There are two storage accounts, for the first I create a blob endpoint and a queue endpoint.有两个存储帐户,第一个我创建一个 blob 端点和一个队列端点。 For the second account I create a blob endpoint and a dfs endpoint.对于第二个帐户,我创建了一个 blob 端点和一个 dfs 端点。

When I try connecting to the endpoints from a machine outside of the VNET using the regular connection strings (that now point to the privatelink resources), I seem to not be able to reach the resource as expected.当我尝试使用常规连接字符串(现在指向 privatelink 资源)从 VNET 外部的机器连接到端点时,我似乎无法按预期访问资源。 Trying to connect to it from a VM and an AKS cluster within the same VNET as the private endpoints, I am able to connect.尝试从与专用端点相同的 VNET 中的 VM 和 AKS 群集连接到它,我能够连接。

If these are basically my only use cases, and I'm ok using the default names to connect to the private endpoint resources, is it OK to not create a private DNS zone?如果这些基本上是我唯一的用例,并且我可以使用默认名称连接到私有端点资源,那么不创建私有 DNS 区域是否可以?

It is a bit unclear to me from the documentation whether this is a necessity.从文档中我有点不清楚这是否是必要的。

1 个解决方案

解决方案1
 1  2022-09-27 13:10:32

By using private link you create an endpoint into your vnet/subnet.通过使用私有链接,您可以在您的 vnet/子网中创建一个端点。 The private DNS is linked to your vnet and allows you to direct the traffic to that private endpoint (eg 10.1.0.4 ) by using the storage domain.私有 DNS 链接到您的 vnet,并允许您使用存储域将流量定向到该私有端点(例如10.1.0.4 )。

It's not nessecary to have that private DNS.拥有私有 DNS 并不是必需的。 But that means you'll need to connect directly to private ip address of that endpoint.但这意味着您需要直接连接到该端点的私有 ip 地址。 While that is technically possible you'll likely run into some issues such as the server not knowing which domain is requested without host header and issues with the SSL certificate.虽然这在技术上是可行的,但您可能会遇到一些问题,例如服务器不知道在没有主机 header 的情况下请求哪个域以及 SSL 证书问题。

I would therefore recommended always using the private DNS.因此,我建议始终使用私有 DNS。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 为 Azure 容器注册表 (ACR) 的私有终结点创建动态私有 dns 区域记录 - Creating dynamic private dns zone records for private endpoints of Azure Container Registry (ACR) Azure 私人 DNS 区域查询 - PowerShell - Azure Private DNS Zone Query - PowerShell Azure 专用链接 - DNS 区域设置 - Azure Private Link - DNS Zone Setup 什么是 Azure 私有 DNS 区域组? - What is Azure Private DNS Zone Group? 无法通过点到站点 VPN 连接将私有 dns 区域解析为 Azure - Not resolving private dns zone over point to site VPN connection into Azure Ansible:更新 Azure 中的私有 DNS 区域时出现“unknown type long” - Ansible: "unknown type long" when updating Private DNS Zone in Azure Azure 私有端点和 Terraform - Azure private endpoints and Terraform Azure 私有端点 - Azure Private Endpoints Azurescaleset专用DNS - Azure scaleset private DNS 在Windows Azure上使用相同的专用端口创建两个终结点 - Create two endpoints with the same private port on Windows Azure
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM