diff --git a/deployment/secure_research_environment/setup/Configure_External_DNS_Queries.ps1 b/deployment/secure_research_environment/setup/Configure_External_DNS_Queries.ps1
index ba04a8a0ac..a86077d1d1 100644
--- a/deployment/secure_research_environment/setup/Configure_External_DNS_Queries.ps1
+++ b/deployment/secure_research_environment/setup/Configure_External_DNS_Queries.ps1
@@ -29,7 +29,7 @@ $allowedFqdns = @($firewallRules.applicationRuleCollections | ForEach-Object { $
 @(Get-PrivateDnsZones -ResourceGroupName $config.shm.network.vnet.rg -SubscriptionName $config.shm.subscriptionName | ForEach-Object { $_.Name })
 # List all unique FQDNs
 $allowedFqdns = $allowedFqdns |
- Where-Object { $_ -notlike "g*.servicebus.windows.net" } | # Remove AzureADConnect password reset endpoints
+ Where-Object { $_ -notlike "*-sb.servicebus.windows.net" } | # Remove AzureADConnect password reset endpoints
 Where-Object { $_ -notlike "pksproddatastore*.blob.core.windows.net" } | # Remove AzureAD operations endpoints
 Sort-Object -Unique
 Add-LogMessage -Level Info "Restricted networks will be allowed to run DNS lookup on the following $($allowedFqdns.Count) FQDNs:"
@@ -81,7 +81,8 @@ Add-LogMessage -Level Info "Looking for SRD with IP address '$vmIpAddress'..."
 if (-not $vmIpAddress) {
 Add-LogMessage -Level Fatal "No SRD found with IP address '$vmIpAddress'. Cannot run test to confirm external DNS resolution."
 } else {
- $vmName = @(Get-AzNetworkInterface | Where-Object { $_.IpConfigurations.PrivateIpAddress -eq $vmIpAddress } | ForEach-Object { $_.VirtualMachine.Id.Split("/")[-1] })[0]
+ # Match on IP address within approriate SRE resource group
+ $vmName = @(Get-AzNetworkInterface -ResourceGroupName $config.sre.srd.rg | Where-Object { $_.IpConfigurations.PrivateIpAddress -eq $vmIpAddress } | ForEach-Object { $_.VirtualMachine.Id.Split("/")[-1] })[0]
 Add-LogMessage -Level Info "Testing external DNS resolution on VM '$vmName'..."
 $params = @{
 SHM_DOMAIN_FQDN = $config.shm.domain.fqdn
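Review bot: The new exclusion `*-sb.servicebus.windows.net` is a suffix wildcard applied to the allow-list of FQDNs that restricted networks may resolve, and nothing in the hunk records why this shape captures the AzureADConnect password-reset endpoints better than the old `g*` prefix, so a reader cannot tell whether other service-bus hosts permitted by the firewall rules will now be dropped from the list as well. I would extend the trailing comment to state the hostname form being excluded, e.g. `# Remove AzureADConnect password reset endpoints (hosts of the form <name>-sb.servicebus.windows.net)`, and compare the FQDN list logged just below before and after the change to confirm only the intended entries disappeared. The `$allowedFqdns` assignment feeding this pipeline starts before the hunk.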
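Review bot: When no NIC in `$config.sre.srd.rg` carries `$vmIpAddress`, `@(...)[0]` evaluates to `$null` and the script goes on to log and run the DNS test against VM '' instead of stopping the way the `-not $vmIpAddress` branch above does; narrowing the lookup to one resource group, as this hunk does, presumably makes that empty result reachable for a NIC that lives elsewhere. I would add directly after the assignment `if (-not $vmName) { Add-LogMessage -Level Fatal "No SRD in resource group '$($config.sre.srd.rg)' has IP address '$vmIpAddress'." }` so the resolution check cannot silently run against an unknown target. The new comment also misspells "appropriate" as `approriate`. The `else` block continues past the end of the hunk.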