Messaging on Azure Blog

IP address changes for Azure Service Bus and IP/DNS Changes for Azure Relay

EldertGrootenboer
Feb 27, 2024

What is Changing? 

The infrastructure layer of Azure Relay and Service Bus is being upgraded, which will cause the IP addresses used by customer namespaces to change. For Azure Relay, the gateway DNS names are also changing.

These changes are being made as part of our continuous improvements to our platform. The IP addresses of our services can change and should not be treated as static, as previously communicated for Azure Service Bus and Azure Relay. There is no added charge for this, nor are there any service interruptions during the migration.

 

Call to Action 

If you are using IP addresses in your egress firewalls to your Azure Relay or Azure Service Bus namespaces, you will need to update them to use the namespace DNS names instead. 

 

Azure Service Bus customers

For Azure Service Bus, configure your firewalls to use the fully qualified domain names for your specific namespaces, or the wildcard “*.servicebus.windows.net” domains. These will automatically resolve to the new IP addresses.

 

Azure Relay customers

For Azure Relay, configure your firewalls with the DNS names of all the Relay gateways, which can be found by running this script. This script will resolve the fully qualified domain names of all the gateways to which you need to establish a connection.

Change any rules that previously used the IP addresses to use the namespace DNS name for port 80/443 traffic, and the gateway DNS names where you previously were using IP addresses. WCF uses a number of ports beyond 80/443, including 9351, 9350, 5671, 9352, and 9353, so be sure to check where you have firewall rules for those ports.
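As an added example (not part of the original post or Microsoft's script), the following sketch audits an exported egress rule list for destinations pinned to IP literals on the ports named above, which are the candidates to convert to DNS names. The rule format, rule names and addresses are constructed for illustration; Relay gateway names still have to come from the script mentioned in the post and are not modelled here.

```python
import ipaddress

# Ports named in the post: 80/443 plus the additional WCF ports.
POST_PORTS = {80, 443, 5671, 9350, 9351, 9352, 9353}
SB_DOMAIN = "servicebus.windows.net"  # wildcard domain named in the post

# Constructed sample egress rules (name, destination, port); hypothetical
# format and values. 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_RULES = [
    ("sb-amqp", "203.0.113.10", 5671),
    ("sb-https", "contoso-ns.servicebus.windows.net", 443),
    ("relay-wcf", "198.51.100.0/24", 9351),
    ("sb-wildcard", "*.servicebus.windows.net", 443),
    ("ntp", "203.0.113.50", 123),
    ("lookalike", "contoso-ns.servicebus.windows.net.example", 443),
]


def is_ip_literal(dest):
    """True when dest is an IPv4/IPv6 address or CIDR range, not a DNS name."""
    try:
        ipaddress.ip_network(dest, strict=False)
        return True
    except ValueError:
        return False


def under_sb_domain(dest):
    """True for the wildcard or any name under it; compares whole DNS labels."""
    labels = dest.lower().rstrip(".").split(".")
    return len(labels) > 3 and labels[-3:] == SB_DOMAIN.split(".")


def classify(dest, port):
    if port not in POST_PORTS:
        return "out-of-scope"      # port not mentioned in the post
    if is_ip_literal(dest):
        return "pinned-ip"         # candidate to replace with a DNS name
    if under_sb_domain(dest):
        return "dns-ok"            # keeps resolving to the namespace's new IPs
    return "other-dns"             # DNS-based rule for some other destination


def audit(rules):
    """Map each rule name to its classification."""
    return {name: classify(dest, port) for name, dest, port in rules}


if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_RULES).items():
        print(f"{name:12} {verdict}")
```

A `pinned-ip` result on port 80 or 443 is only a candidate: confirm that the address actually belonged to a Service Bus or Relay endpoint before rewriting the rule.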

Updated May 27, 2024
Version 3.0
  • Nexus2k
    Copper Contributor

    I find this blog post and the announcement mail in general incredibly useless. Why can't you just directly list the affected resource and/or have a link to the Azure Portal showing potentially affected resources? I've got the mail for our subscription which seemingly neither has any Service Bus nor Relay resources so it was a waste of time. (It's also not like I would know what exactly needs to be done/changed after reading this blog).

  • Danielpqe
    Copper Contributor

    Is there a way to identify which resource is using these services? The mail insists that one of all the resources is using them but it is difficult to identify it with a simple inspection, I am almost sure that we did not implement any functionality that could use those services. So at this point I can't modify anything.

  • Yauhen_Bichel
    Copper Contributor

    Dear EldertGrootenboer, Azure community,

     

    Could you please clarify for me whether the steps for "Azure Service Bus customers" are only for the premium tier?

    Should I take any actions for Azure Service Bus if my pricing tier ("sku") is basic?

     

    Thank you

  • We have identified all customers that have had any traffic in the last few months. This is meant for any tier of Azure Service Bus and Azure Relay. As this is mostly around egress firewalls which might run on-prem or in different firewall products, we cannot identify if our customers are impacted by this, hence the wide distribution of this notification.

  • Arjan100
    Copper Contributor

    The title of the email states "IP addresses for Azure Service Bus and IP addresses and DNS names for Azure Relay are being updated"

    Which are 3 things: IP addresses for Azure Service Bus; IP addresses & DNS names for Azure Relay.

    But if I understand correctly from the content of the email, IP addresses in general are not affected? Meaning I don't have to update my Public IPs on Basic SKU that is connected to my SMTP VM for example?

  • JamesCoulter
    Copper Contributor

    The emails from Microsoft Azure are extremely unhelpful - as others have mentioned, why can't you name the affected resource(s) to make it easier to find them? I have checked two of our subscriptions that were named in the email and neither are using Azure Service Bus or Azure Relay, so where is Microsoft getting the information from?