azure - Azure 上的 IPv6 DNS 查询

Question

我需要从我的 Azure VM 启动 IPv6 DNS 查询。我需要控制这个查询的所有参数。我可以通过网络调用或 dig 命令来完成。我可以使用 Azure 执行此操作吗？这可能是:负载均衡器是否支持出站 IPv6 DNS 查询？

Answer 1

我们需要确认我们的 DNS 服务器能够处理通过 IPv6 传入的查询，而 Azure 是我们可以使用的云提供商之一。这并不容易，但我最终成功了。

为了从 Azure VM 获取传出 IPv6 服务，需要在具有负载均衡器的可用性集中创建 VM，该负载均衡器具有公共(public)动态 IPv6 地址、IPv4 和 IPv6 的入站 NAT 规则以及相同的。现有虚拟机无法重新配置以支持此功能。 Azure 似乎在配置的负载均衡器和放置在同一可用性集中的虚拟机之间创建了一些隧道。从 VM 的角度来看，这一点并不明显，除非您只能通过 IPv6 与外部 Internet 进行通信，而不能与 Azure 提交中的其他 VM 进行通信。

目前无法通过 Azure 门户配置 IPv6 支持。我大量使用了以下两个链接来使其正常工作:

https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-ipv6-overview

https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-ipv6-internet-ps

您需要一个 Windows VM 来运行上述大部分内容；适用于 Linux 和 AzureRM.NetCore.Preview 的 PowerShell 与 Windows 中的 PowerShell 不具有同等功能。

在提出以下内容之前，我必须对上面的示例进行一些修改......您可能需要对其进行更多修改才能在您的环境中工作。请注意，我从 Powershell ISE 中运行此脚本，因此我可以根据需要使用 $mySecureCredentials 和 Login-AzureRMAccount 预先配置环境。

下面将创建一个 Centos 7.3 VM，它可以针对 Internet 发起 IPv6 DNS 查询。请注意，重新启动后，您必须在 guest 中启用 IPv6 接口(interface)。不幸的是，我的代表太低，无法发布超过 2 个链接，因此搜索“azure linux dhcp ipv6”以了解如何在虚拟机上启用 DHCPv6 客户端配置。

<小时/>

$resgroupName = 'YourResourceGroup'

$location = 'east US'  # of course, select your preferred location
# you will need some secure credentials.  run something like:
# $mySecureCredentials = Get-Credential -Message "Type the username and password of the local administrator account."

# you will also need to log into azure (Login-AzureRMAccount)

# IP addresses, load balancer config

$publicIPv4= New-AzureRmPublicIpAddress -name 'lb-pub-ipv4' -ResourceGroupName $resgroupName -location $location `
-Allocationmethod Static -IpAddressVersion IPv4 -domainnamelabel my-lbnrpipv4

$publicIPv6 = New-AzureRmPublicIpAddress -name 'lb-pub-ipv6' -ResourceGroupName $resgroupName -location $location `
-AllocationMethod Dynamic -IpAddressVersion IPv6 -DomainNameLabel my-lbnrpipv6


$FEIPConfigv4 = New-AzureRmLoadBalancerFrontendIpConfig -name "LB-Frontendv4" -PublicIpAddress $publicIPv4

$FEIPConfigv6 = New-AzureRmLoadBalancerFrontendIpConfig -name "LB-Frontendv6" -PublicIpAddress $publicIPv6

$backendpoolipv4 = New-AzureRmLoadBalancerBackendAddressPoolConfig -name "BackendPoolIPv4"

$backendpoolipv6 = New-AzureRmLoadBalancerBackendAddressPoolConfig -name "BackendPoolIPv6"

# This script assumes you already have a virtual network defined - replace myRG-vnet with the name of the virtual network you want to use.

$vnet = Get-AzureRmVirtualNetwork -name myRG-vnet -ResourceGroupName $resgroupName

# I assume you want to use the default subnet.

$backendSubnet = Get-AzureRmVirtualNetworkSubnetConfig -name default -virtualnetwork $vnet

# Create NAT rules for load balancer
# Even if you don't actually need any inbound rules, some rules appear to be necessary to make outbound IPv6 work.

# Inbound SSH
$inboundNATRule1v4 = New-AzureRmLoadBalancerInboundNatRuleConfig -name "NicNatRulev4" -FrontendIpConfiguration $FEIPConfigv4 -Protocol TCP -FrontendPort 22 -BackendPort 22
$inboundNATRule1v6 = New-AzureRmLoadBalancerInboundNatRuleConfig -name "NicNatRulev6" -FrontendIpConfiguration $FEIPConfigv6 -Protocol TCP -FrontendPort 22 -BackendPort 22

$lbrule1v4 = New-AzureRmLoadBalancerRuleConfig -name "HTTPv4" -FrontendIpConfiguration $FEIPConfigv4 -BackendAddressPool $backendpoolipv4 -Protocol TCP -FrontendPort 80 -BackendPort 80
$lbrule1v6 = New-AzureRmLoadBalancerRuleConfig -name "HTTPv6" -FrontendIpConfiguration $FEIPConfigv6 -BackendAddressPool $backendpoolipv6 -Protocol TCP -FrontendPort 80 -BackendPort 80

$NRPLB = New-AzureRmLoadBalancer -ResourceGroupName $resgroupName -name 'myNrpIPv6LB' -location $location `
-FrontendIpConfiguration $FEIPConfigv4,$FEIPConfigv6 -BackendAddressPool $backendpoolipv4,$backendpoolipv6 `
-LoadBalancingRule $lbrule1v4,$lbrule1v6 -inboundNatRule $inboundNATRule1v4,$inboundNATRule1v6

$nic1IPv4 = New-AzureRmNetworkInterfaceIpConfig -name "IPv4IPConfig" -PrivateIpAddressVersion "IPv4" -subnet $backendSubnet -LoadBalancerBackendAddressPool $backendpoolipv4 -LoadBalancerInboundNatRule $inboundNATRule1v4

$nic1IPv6 = New-AzureRmNetworkInterfaceIpConfig -name "IPv6IPConfig" -PrivateIpAddressVersion "IPv6" -LoadBalancerBackendAddressPool $backendpoolipv6 -LoadBalancerInboundNatRule $inboundNATRule1v6

$nic1 = New-AzureRmNetworkInterface -Name 'myNrpIPv6Nic0' -IpConfiguration $nic1IPv4,$nic1IPv6 `
-resourceGroupName $resgroupName -location $location

New-AzureRmAvailabilitySet -name "myNrpIPv6AvSet" -resourcegroupname $resgroupName -location $location

$avset1 = Get-AzureRmAvailabilitySet -resourcegroupname $resgroupName -name 'myNrpIPv6AvSet'

try {

 New-AzureRmStorageAccount -ResourceGroupName $resgroupName -name 'mynrpipv6stacct' -location $location -skuname `
 "Standard_LRS" -erroraction stop
   } catch {
     echo "new storage account failed, let's just hope it was a dup and gets found anyway"
 }

# find my existing storage account

$storAcct = Get-AzureRmStorageAccount -resourcegroupname $resgroupName -name 'mynrpipv6stacct'

if ($storAcct -eq $null) {
    throw "I could not find a storage accoount"
}

$nic1 = Get-AzureRmNetworkInterface -ResourceGroupName $resgroupName -name 'myNrpIPv6Nic0'

$vm1 = New-AzureRmVMConfig -vmName 'myNrpLinuxIPv6VM1' -vmSize 'Standard_d1' -AvailabilitySetId $avset1.Id
$vm1 = Set-AzureRmVMOperatingSystem -vm $vm1 -Linux -ComputerName 'myNrpLinuxIPv6VM1' -Credential $mySecureCredentials
$vm1 = Set-AzureRmVMSourceImage -VM $vm1 -PublisherName OpenLogic -Offer CentOS -Skus '7.3' -Version "latest"
$vm1 = Add-AzureRmVMNetworkInterface -VM $vm1 -Id $nic1.Id -Primary
$osDisk1Uri = $storAcct.PrimaryEndpoints.Blob.ToString() + "vhds/myNrpLinuxIPv6VM1osdisk.vhd"
$vm1 = Set-AzureRmVMOSDisk -VM $vm1 -Name 'myNrpLinuxIPv6VM1osdisk' -VhdUri $osDisk1Uri -CreateOption FromImage

echo now creating...
new-azurermvm -ResourceGroupName $resgroupName -location $location -VM $vm1

echo done