Azure WCF Relay DNS Support

  • Article

In the latest release of the Service Bus .NET Client (3.4.5) comes a highly requested feature for Azure WCF Relay customers, it now supports domain names!

For Relay customers who have struggled maintaining a whitelist of Azure datacenter IP addresses, you can now whitelist "*.servicebus.windows.net". The newest version of the client will make outbound calls to the Relay service using fully qualified domain names instead of IP addresses when using HTTP connectivity. We hope this makes your network configuration a lot simpler!

If you want to try this out, here’s how:

1. Use the Microsoft.ServiceBus.dll available in the latest client release (3.4.5 or higher)
2. Set ServiceBusEnvironment.SystemConnectivity.ConnectivityMode = ConnectivityMode.Https

After that it should be all set for your app to connect using Web Sockets that use DNS names instead of IPs.

Also, even if you are using TCP connectivity mode, finding out which IP addresses are used to rendezvous for a namespace is now possible by DNS queries.

For example:

ping yournamespace.servicebus.windows.net resolves to something like ns-sb2-prod-cy4-001.cloudapp.net

The gateways of namespaces in your cluster can be obtained with something like:

ping g0-prod-cy4-001-sb.servicebus.windows.net resolves to something like 13.78.149.88
ping g1-prod-cy4-001-sb.servicebus.windows.net resolves to something like 13.78.149.110
ping g2-prod-cy4-001-sb.servicebus.windows.net resolves to something like 13.78.149.158
... ... ... ... ... ... ... ... ... ...
ping g31-prod-cy4-001-sb.servicebus.windows.net resolves to something like 13.78.149.50

* We also have a Powershell script for you to use that allows you to look up IP addresses and DNS records for your relay namespace: https://github.com/Azure/azure-relay-dotnet/blob/master/tools/GetNamespaceInfo.ps1

Customers may also be wondering about the IP addresses for the Azure datacenters they connect to for the Relay service, here are some FAQs:

1. Are these IPs fixed?
No, these IPs will change over time.

2. How often and how much do these IPs change?
There is no contract on this, but our expectation is that between 10-20% of the IPs will change every month.

3. Can we get notifications when these IPs change?
We currently suggest using the provided Powershell script mentioned above.

4. How many gateway machines typically exist for a ‘scale unit’?
There is no contract on this, but typical sizes are 16, 32 and 64.
It is very safe to assume that there will always be less than 128 per scale unit.

*Important Note:

Whatever setup you have this will not break your existing relays. We do strongly recommend using DNS filtering to simplify proxy/firewall management.

--Relay Out--