我需要从Azure VM启动IPv6 DNS查询。我需要控制此查询的所有参数。我可以通过网络电话或dig命令来完成。我可以用Azure做到这一点吗?这可能是:负载均衡器是否支持出站IPv6 DNS查询?
答案 0 :(得分:1)
我们需要确认我们的DNS服务器处理通过IPv6传入的查询,Azure是我们可以使用的云提供商之一。这并不容易,但我最终得到了它。
为了从Azure VM获取传出IPv6服务,需要在具有负载均衡器的可用性集中创建VM,该负载均衡器具有公共动态IPv6地址,IPv4和IPv6的入站NAT规则以及负载平衡规则相同。无法重新配置现有VM以支持此功能。 Azure似乎在配置的负载均衡器和您放在同一可用性集中的VM之间创建了一些隧道。从VM的角度来看,这一点并不明显,只是您只能通过IPv6与外部Internet进行通信,而不能与Azure提交中的其他VM进行通信。
目前无法通过Azure门户配置IPv6支持。我大量使用以下两个链接来实现这个目的:
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-ipv6-overview
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-ipv6-internet-ps
您需要一台Windows VM才能运行上述大部分内容;适用于Linux的PowerShell和AzureRM.NetCore.Preview在Windows中没有与PowerShell功能相同的功能。
在提出以下内容之前,我不得不攻击上面的示例一段时间......您可能需要再次破解它才能在您的环境中工作。 请注意,我在Powershell ISE中运行此脚本,因此我可以根据需要使用$ mySecureCredentials和Login-AzureRMAccount预配置环境。
下面将创建一个可以针对Internet启动IPv6 DNS查询的Centos 7.3 VM。请注意,重新启动后,您必须在guest虚拟机中启用IPv6接口。不幸的是我的代表太低了,不能发布超过2个链接,所以搜索' azure linux dhcp ipv6'了解如何在VM上启用DHCPv6客户端配置。
$resgroupName = 'YourResourceGroup'
$location = 'east US' # of course, select your preferred location
# you will need some secure credentials. run something like:
# $mySecureCredentials = Get-Credential -Message "Type the username and password of the local administrator account."
# you will also need to log into azure (Login-AzureRMAccount)
# IP addresses, load balancer config
$publicIPv4= New-AzureRmPublicIpAddress -name 'lb-pub-ipv4' -ResourceGroupName $resgroupName -location $location `
-Allocationmethod Static -IpAddressVersion IPv4 -domainnamelabel my-lbnrpipv4
$publicIPv6 = New-AzureRmPublicIpAddress -name 'lb-pub-ipv6' -ResourceGroupName $resgroupName -location $location `
-AllocationMethod Dynamic -IpAddressVersion IPv6 -DomainNameLabel my-lbnrpipv6
$FEIPConfigv4 = New-AzureRmLoadBalancerFrontendIpConfig -name "LB-Frontendv4" -PublicIpAddress $publicIPv4
$FEIPConfigv6 = New-AzureRmLoadBalancerFrontendIpConfig -name "LB-Frontendv6" -PublicIpAddress $publicIPv6
$backendpoolipv4 = New-AzureRmLoadBalancerBackendAddressPoolConfig -name "BackendPoolIPv4"
$backendpoolipv6 = New-AzureRmLoadBalancerBackendAddressPoolConfig -name "BackendPoolIPv6"
# This script assumes you already have a virtual network defined - replace myRG-vnet with the name of the virtual network you want to use.
$vnet = Get-AzureRmVirtualNetwork -name myRG-vnet -ResourceGroupName $resgroupName
# I assume you want to use the default subnet.
$backendSubnet = Get-AzureRmVirtualNetworkSubnetConfig -name default -virtualnetwork $vnet
# Create NAT rules for load balancer
# Even if you don't actually need any inbound rules, some rules appear to be necessary to make outbound IPv6 work.
# Inbound SSH
$inboundNATRule1v4 = New-AzureRmLoadBalancerInboundNatRuleConfig -name "NicNatRulev4" -FrontendIpConfiguration $FEIPConfigv4 -Protocol TCP -FrontendPort 22 -BackendPort 22
$inboundNATRule1v6 = New-AzureRmLoadBalancerInboundNatRuleConfig -name "NicNatRulev6" -FrontendIpConfiguration $FEIPConfigv6 -Protocol TCP -FrontendPort 22 -BackendPort 22
$lbrule1v4 = New-AzureRmLoadBalancerRuleConfig -name "HTTPv4" -FrontendIpConfiguration $FEIPConfigv4 -BackendAddressPool $backendpoolipv4 -Protocol TCP -FrontendPort 80 -BackendPort 80
$lbrule1v6 = New-AzureRmLoadBalancerRuleConfig -name "HTTPv6" -FrontendIpConfiguration $FEIPConfigv6 -BackendAddressPool $backendpoolipv6 -Protocol TCP -FrontendPort 80 -BackendPort 80
$NRPLB = New-AzureRmLoadBalancer -ResourceGroupName $resgroupName -name 'myNrpIPv6LB' -location $location `
-FrontendIpConfiguration $FEIPConfigv4,$FEIPConfigv6 -BackendAddressPool $backendpoolipv4,$backendpoolipv6 `
-LoadBalancingRule $lbrule1v4,$lbrule1v6 -inboundNatRule $inboundNATRule1v4,$inboundNATRule1v6
$nic1IPv4 = New-AzureRmNetworkInterfaceIpConfig -name "IPv4IPConfig" -PrivateIpAddressVersion "IPv4" -subnet $backendSubnet -LoadBalancerBackendAddressPool $backendpoolipv4 -LoadBalancerInboundNatRule $inboundNATRule1v4
$nic1IPv6 = New-AzureRmNetworkInterfaceIpConfig -name "IPv6IPConfig" -PrivateIpAddressVersion "IPv6" -LoadBalancerBackendAddressPool $backendpoolipv6 -LoadBalancerInboundNatRule $inboundNATRule1v6
$nic1 = New-AzureRmNetworkInterface -Name 'myNrpIPv6Nic0' -IpConfiguration $nic1IPv4,$nic1IPv6 `
-resourceGroupName $resgroupName -location $location
New-AzureRmAvailabilitySet -name "myNrpIPv6AvSet" -resourcegroupname $resgroupName -location $location
$avset1 = Get-AzureRmAvailabilitySet -resourcegroupname $resgroupName -name 'myNrpIPv6AvSet'
try {
New-AzureRmStorageAccount -ResourceGroupName $resgroupName -name 'mynrpipv6stacct' -location $location -skuname `
"Standard_LRS" -erroraction stop
} catch {
echo "new storage account failed, let's just hope it was a dup and gets found anyway"
}
# find my existing storage account
$storAcct = Get-AzureRmStorageAccount -resourcegroupname $resgroupName -name 'mynrpipv6stacct'
if ($storAcct -eq $null) {
throw "I could not find a storage accoount"
}
$nic1 = Get-AzureRmNetworkInterface -ResourceGroupName $resgroupName -name 'myNrpIPv6Nic0'
$vm1 = New-AzureRmVMConfig -vmName 'myNrpLinuxIPv6VM1' -vmSize 'Standard_d1' -AvailabilitySetId $avset1.Id
$vm1 = Set-AzureRmVMOperatingSystem -vm $vm1 -Linux -ComputerName 'myNrpLinuxIPv6VM1' -Credential $mySecureCredentials
$vm1 = Set-AzureRmVMSourceImage -VM $vm1 -PublisherName OpenLogic -Offer CentOS -Skus '7.3' -Version "latest"
$vm1 = Add-AzureRmVMNetworkInterface -VM $vm1 -Id $nic1.Id -Primary
$osDisk1Uri = $storAcct.PrimaryEndpoints.Blob.ToString() + "vhds/myNrpLinuxIPv6VM1osdisk.vhd"
$vm1 = Set-AzureRmVMOSDisk -VM $vm1 -Name 'myNrpLinuxIPv6VM1osdisk' -VhdUri $osDisk1Uri -CreateOption FromImage
echo now creating...
new-azurermvm -ResourceGroupName $resgroupName -location $location -VM $vm1
echo done
答案 1 :(得分:0)
启动IPv6查询,我不明白你的意思。您是指查询AAAA记录还是指IPv6网络流量?如果你的意思是他的查询类型,那么像nslookup和dig这样的工具允许你控制查询,但是当在浏览器这样的东西中查找主机名时,他们会让操作系统决定如何解析名称,而不是Azure特定的。如果您正在谈论IP级别流量,则Azure DNS递归解析器目前只能使用IPv4进行联系。