= I-WAN eyi-Virtual ene-Private DNS Zones yezinsizakalo ze-PaaS - amaseva e-DNS =

Iyiphi indlela efanele yokumisa i-vWAN equkethe i-Azure Private DNS Zones yezinsizakalo ze-PaaS ukuze kamuva ama-VNET akhulume (kanye namanethiwekhi asendaweni) akwazi ukuxazulula yonke into edingekayo?
Njengoba sazi, i-VNET eyodwa ingaxhunyaniswa neNdawo Eyimfihlo ye-DNS eyodwa kuphela yegama elithile (isb. Angikwazi ukuba ne-privatelink.azurewebsites.net engu-2 ehlukile exhunywe ku-VNET efanayo)

Kuhabhu evamile, ephethwe ngesandla& i-architecture ekhulumile ngizoxhumanisa wonke ama-Private DNS Zones ku-Hub yami

Ku-vWAN, i-Hub iphethwe yi-Microsoft ngakho-ke angikwazi ukuxhuma noma yini ku-Hub VNET. Ngicabanga ukuthi kufanele ngidale "i-spoke"ehlukene exhunywe ku-Hub ezoqukatha wonke ama-Private DNS Zones kanye ne-VNET enezixhumanisi zamazoni. Bese, izixhumanisi eziyimfihlo zingaxazululwa kusukela kule VNET

Ingabe kufanele ngivele ngidale i-Azure Private DNS Resolver (noma amaseva e-DNS ku-VM, akunandaba lapha) kule VNET bese kuthi i-VNET ngayinye ikhulume kufanele imiswe ngala makheli e-DNS server? Ungaqinisekisa kanjani ukuthi i-VNET ngayinye ekhulumayo inokusethwa okulungile kwamaseva e-DNS? Usebenzisa Inqubomgomo ye-Azure? Noma mhlawumbe kufanele isetshenziswe njengengxenye yendawo yokufika?
Okwehabhu evamile& ukhulume lokhu kubhalwe lapha - httpsdocs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/private-link-and-dns-integration-at-scale #private-link-and-dns-integration-in-hub-and-spoke-network-architectures, nokho ngiyazibuza ukuthi iyiphi indlela engcono kakhulu ye-vWAN

Inqubomgomo yokusetha wonke ama-VNETs ukuthi asebenzise leyo DNS Server kuwumbono omuhle, noma wenze isifanekiso ekusetshenzisweni kwakho (Terraform, BiCep, PowerShell njll.)

Angikwenzanga lokhu, kodwa bengizokukhuluma ngaphandle kwehabhu, ngiba nama-VM kuhabhu njengoba kwenza umzila ube nzima kakhulu. Futhi uma ungakwazi ukunamathisela indawo kuhabhu i-VNET, ngikholwa ukuthi ukuyikhipha ukuphela kwendlela yesixazululo se-PaaS noma se-IaaS.

Cishe uzofuna uhlobo oluthile lwe-VNET yamasevisi okwabelwana ngawo. hamba ne-vWAN

Uma usebenzisa i-Azure Firewall ku-vWAN, ungathola futhi lokho kusebenza njengommeleli we-DNS. Lokho kungaba ummeleli wensizakalo yakho ye-IAAS DNS (engadlulisela phambili/idlulisela ngokombandela kumlingo we-Azure IP) noma Isixazululi se-DNS esiyimfihlo.
Nginemizwa exubile ejulile mayelana ne-vWAN. Ithuthuke kakhulu kusukela yethulwa, kodwa isenokuqapha okuningi uma kuqhathaniswa nehabhu lokuzakhela ngokwakho. Ukubonakala nokulungisa iphutha lenethiwekhi akulula, awunawo umnikazi we-IP yomphakathi endaweni yakho. ukubhalisa, akukho ukuvikeleka kwe-DDOS, njll. Angifuni ukudikibalisa ukukhetha kwakho kwedizayini, kodwa qiniseka ukuthi uyayiqonda imikhawulo ngaphambi kokulandela lo mzila.

Ngiyabonga, ngicabangela izinketho eziningi ezahlukene

Uwaphatha kanjani ama-UDR wezikhulumi endaweni yakho kanye ne-arhcitecture ekhulumayo?
Ngizwile ngezikhulumi eziningi ezidinga ukuxhumana zodwa (njengazo zonke izikhulumi kufanele zixhumane nomunye okhulume namaseva e-DNS angokwezifiso) kuba nzima kakhulu ukuphatha wonke lawa ma-UDR ngesandla.