IPv6 DNS queries on Azure



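I need to initiate an IPv6 DNS query from my Azure VM. I need to control all of the parameters of this query. I can do it through a network call or through the dig command. Can I do this with Azure? That may come down to: can the load balancer support outbound IPv6 DNS queries?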

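We needed to confirm that our DNS servers handled queries coming in over IPv6, and Azure is one of the cloud providers we can use. It was not easy, but I eventually succeeded.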

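To get outgoing IPv6 service from an Azure VM, the VM needs to be created in an availability set with a load balancer that has a public dynamic IPv6 address, inbound NAT rules for both IPv4 and IPv6, and likewise load-balancing rules. Existing VMs cannot be reconfigured to support this. Azure appears to create some kind of tunnel between the configured load balancer and the VMs you put in the same availability set. This is not obvious from the VM's point of view, except that you can only talk to the outside internet over IPv6, and not to the other VMs you have in Azure.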

IPv6 support currently cannot be configured through the Azure portal. I made heavy use of the following two links to get this working:

https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-ipv6-overview

https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-ipv6-internet-ps

You will need a Windows VM to run most of the above; PowerShell for Linux and AzureRM.NetCore.Preview do not have feature parity with PowerShell on Windows.

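I had to hack on the above examples for a while before I came up with the below... you may need to hack some more to get it working in your environment. Note that I ran this script from PowerShell ISE so that I could preconfigure the environment with $mySecureCredentials and Login-AzureRMAccount as needed.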

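The following creates a CentOS 7.3 VM that can initiate IPv6 DNS queries against the internet. Note that after a reboot you must enable the IPv6 interface in the guest. Unfortunately my rep is too low to post more than 2 links, so search for "azure linux dhcp ipv6" to see how to enable DHCPv6 client configuration on your VM.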


$resgroupName = 'YourResourceGroup'
$location = 'east US'  # of course, select your preferred location
# you will need some secure credentials.  run something like:
# $mySecureCredentials = Get-Credential -Message "Type the username and password of the local administrator account."
# you will also need to log into azure (Login-AzureRMAccount)
# IP addresses, load balancer config
$publicIPv4= New-AzureRmPublicIpAddress -name 'lb-pub-ipv4' -ResourceGroupName $resgroupName -location $location `
-Allocationmethod Static -IpAddressVersion IPv4 -domainnamelabel my-lbnrpipv4
$publicIPv6 = New-AzureRmPublicIpAddress -name 'lb-pub-ipv6' -ResourceGroupName $resgroupName -location $location `
-AllocationMethod Dynamic -IpAddressVersion IPv6 -DomainNameLabel my-lbnrpipv6

$FEIPConfigv4 = New-AzureRmLoadBalancerFrontendIpConfig -name "LB-Frontendv4" -PublicIpAddress $publicIPv4
$FEIPConfigv6 = New-AzureRmLoadBalancerFrontendIpConfig -name "LB-Frontendv6" -PublicIpAddress $publicIPv6
$backendpoolipv4 = New-AzureRmLoadBalancerBackendAddressPoolConfig -name "BackendPoolIPv4"
$backendpoolipv6 = New-AzureRmLoadBalancerBackendAddressPoolConfig -name "BackendPoolIPv6"
# This script assumes you already have a virtual network defined - replace myRG-vnet with the name of the virtual network you want to use.
$vnet = Get-AzureRmVirtualNetwork -name myRG-vnet -ResourceGroupName $resgroupName
# I assume you want to use the default subnet.
$backendSubnet = Get-AzureRmVirtualNetworkSubnetConfig -name default -virtualnetwork $vnet
# Create NAT rules for load balancer
# Even if you don't actually need any inbound rules, some rules appear to be necessary to make outbound IPv6 work.
# Inbound SSH
$inboundNATRule1v4 = New-AzureRmLoadBalancerInboundNatRuleConfig -name "NicNatRulev4" -FrontendIpConfiguration $FEIPConfigv4 -Protocol TCP -FrontendPort 22 -BackendPort 22
$inboundNATRule1v6 = New-AzureRmLoadBalancerInboundNatRuleConfig -name "NicNatRulev6" -FrontendIpConfiguration $FEIPConfigv6 -Protocol TCP -FrontendPort 22 -BackendPort 22
$lbrule1v4 = New-AzureRmLoadBalancerRuleConfig -name "HTTPv4" -FrontendIpConfiguration $FEIPConfigv4 -BackendAddressPool $backendpoolipv4 -Protocol TCP -FrontendPort 80 -BackendPort 80
$lbrule1v6 = New-AzureRmLoadBalancerRuleConfig -name "HTTPv6" -FrontendIpConfiguration $FEIPConfigv6 -BackendAddressPool $backendpoolipv6 -Protocol TCP -FrontendPort 80 -BackendPort 80
$NRPLB = New-AzureRmLoadBalancer -ResourceGroupName $resgroupName -name 'myNrpIPv6LB' -location $location `
-FrontendIpConfiguration $FEIPConfigv4,$FEIPConfigv6 -BackendAddressPool $backendpoolipv4,$backendpoolipv6 `
-LoadBalancingRule $lbrule1v4,$lbrule1v6 -inboundNatRule $inboundNATRule1v4,$inboundNATRule1v6
$nic1IPv4 = New-AzureRmNetworkInterfaceIpConfig -name "IPv4IPConfig" -PrivateIpAddressVersion "IPv4" -subnet $backendSubnet -LoadBalancerBackendAddressPool $backendpoolipv4 -LoadBalancerInboundNatRule $inboundNATRule1v4
$nic1IPv6 = New-AzureRmNetworkInterfaceIpConfig -name "IPv6IPConfig" -PrivateIpAddressVersion "IPv6" -LoadBalancerBackendAddressPool $backendpoolipv6 -LoadBalancerInboundNatRule $inboundNATRule1v6
$nic1 = New-AzureRmNetworkInterface -Name 'myNrpIPv6Nic0' -IpConfiguration $nic1IPv4,$nic1IPv6 `
-resourceGroupName $resgroupName -location $location
New-AzureRmAvailabilitySet -name "myNrpIPv6AvSet" -resourcegroupname $resgroupName -location $location
$avset1 = Get-AzureRmAvailabilitySet -resourcegroupname $resgroupName -name 'myNrpIPv6AvSet'
try {
    New-AzureRmStorageAccount -ResourceGroupName $resgroupName -name 'mynrpipv6stacct' -location $location -skuname `
        "Standard_LRS" -erroraction stop
} catch {
    echo "new storage account failed, let's just hope it was a dup and gets found anyway"
}
# find my existing storage account
$storAcct = Get-AzureRmStorageAccount -resourcegroupname $resgroupName -name 'mynrpipv6stacct'
if ($storAcct -eq $null) {
    throw "I could not find a storage account"
}
$nic1 = Get-AzureRmNetworkInterface -ResourceGroupName $resgroupName -name 'myNrpIPv6Nic0'
$vm1 = New-AzureRmVMConfig -vmName 'myNrpLinuxIPv6VM1' -vmSize 'Standard_d1' -AvailabilitySetId $avset1.Id
$vm1 = Set-AzureRmVMOperatingSystem -vm $vm1 -Linux -ComputerName 'myNrpLinuxIPv6VM1' -Credential $mySecureCredentials
$vm1 = Set-AzureRmVMSourceImage -VM $vm1 -PublisherName OpenLogic -Offer CentOS -Skus '7.3' -Version "latest"
$vm1 = Add-AzureRmVMNetworkInterface -VM $vm1 -Id $nic1.Id -Primary
$osDisk1Uri = $storAcct.PrimaryEndpoints.Blob.ToString() + "vhds/myNrpLinuxIPv6VM1osdisk.vhd"
$vm1 = Set-AzureRmVMOSDisk -VM $vm1 -Name 'myNrpLinuxIPv6VM1osdisk' -VhdUri $osDisk1Uri -CreateOption FromImage
echo now creating...
new-azurermvm -ResourceGroupName $resgroupName -location $location -VM $vm1
echo done

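I don't understand what you mean by initiating an IPv6 query. Do you mean querying AAAA records, or IPv6 network traffic? If you mean the query type, tools such as nslookup and dig let you control the query, but when a host name is looked up in a tool such as a browser, they let the operating system decide how to resolve the name, and that is not specific to Azure. If you are talking about IP-level traffic, the Azure DNS recursive resolvers can currently only be reached over IPv4.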
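
The distinction drawn above between query type and transport, together with the question's need to control every query parameter, as an added example in Python (not code from either answer): the record type (A or AAAA) is a field inside the packet, while IPv6 transport is a property of the socket the packet is sent on. The function names and the command-line usage are assumptions of this example.

```python
import secrets
import socket
import struct
import sys

QTYPES = {"A": 1, "AAAA": 28}  # record type asked for; independent of transport


def build_query(name, qtype="AAAA", txid=None, recurse=True):
    """Build a raw DNS query so every header field is chosen by the caller."""
    txid = secrets.randbelow(1 << 16) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100 if recurse else 0, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label length in {name!r}")
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!HH", QTYPES[qtype], 1)


def parse_header(msg):
    """Decode the 12-byte DNS header of a reply."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"txid": txid, "qr": flags >> 15, "tc": (flags >> 9) & 1,
            "rcode": flags & 0xF, "ancount": an}


def query_over_ipv6(server, name, qtype="AAAA", timeout=3.0):
    """Send the query over UDP/IPv6 only. AI_NUMERICHOST with AF_INET6 makes an
    IPv4 literal fail instead of silently falling back to IPv4 transport."""
    addr = socket.getaddrinfo(server, 53, socket.AF_INET6, socket.SOCK_DGRAM,
                              0, socket.AI_NUMERICHOST)[0][4]
    pkt = build_query(name, qtype)
    with socket.socket(socket.AF_INET6, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect(addr)  # connected UDP socket: replies from other peers are dropped
        s.send(pkt)
        hdr = parse_header(s.recv(4096))
    if hdr["qr"] != 1 or hdr["txid"] != parse_header(pkt)["txid"]:
        raise ValueError("reply does not match the query")
    return hdr


if __name__ == "__main__" and len(sys.argv) == 3:
    # usage: script.py <IPv6 address of your DNS server> <name>
    print(query_over_ipv6(sys.argv[1], sys.argv[2]))
```

A timeout or a "network unreachable" error from `query_over_ipv6` on the VM means the query never left over IPv6, which is the condition the load balancer setup above is meant to remove.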
