System Design


Components

The following diagram illustrates the major components in the VinylDNS ecosystem and the external systems they interact with.

[Figure: VinylDNS Architecture Diagram]

  • API - RESTful endpoints to allow interaction with VinylDNS

  • Database - stores information that the VinylDNS application needs

  • DNS servers - communicate DNS changes and resolve DNS records

  • Message queue - temporarily stores DNS requests for processing

  • LDAP Service - application protocol used to authenticate user access to the VinylDNS portal

  • Portal - graphical user interface to interact with the VinylDNS API

  • Tooling - external libraries and utilities used to interact with the VinylDNS API

Process Flow

  1. LDAP service authenticates user credentials and grants access to the portal.
  2. If the user is accessing the portal for the first time, VinylDNS credentials are generated and stored.
  3. User navigates portal or uses integration tooling to generate a signed API request.
  4. When the API receives a request, it loads the credentials for the calling user from the database and validates the request signature to ensure that the request was not modified in transit.
  5. The request is then validated to ensure that:
    • the request data is correct
    • the request passes all validation checks
    • the user has access to make the change
  6. Assuming the request is in good order, the request is put on a message queue for handling.
  7. One of the VinylDNS API server instances pulls the message from the queue for processing. For record changes, a DDNS message is issued to the DNS backend server.
  8. When the message completes processing, it is removed from the message queue. The changes are applied to the VinylDNS database along with an audit record for the request.

Integration

Integrating with VinylDNS is simple since each API endpoint is effectively a distinct DNS operation (e.g. create record, update record, delete record, etc.). The only requirement for sending a request is generating the correct AWS SIG4 (Signature Version 4) signature without content length and providing the corresponding HTTP headers so that VinylDNS can verify it. See API Authentication for more details.
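The signing requirement above and the signature check in step 4 of the process flow can be sketched as follows. This is an added example, not VinylDNS code: the region and service scope values, the keys, host and path are constructed assumptions, "without content length" is read here as leaving Content-Length out of the signed headers, and the request carries its access key and signature as plain fields instead of a parsed Authorization header.

```python
import hashlib
import hmac

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sigv4_signature(secret, method, path, headers, body, amz_date,
                    region="us-east-1", service="VinylDNS"):  # assumed scope values
    """Return the hex SigV4 signature for a request with no query string."""
    # Canonical headers: lowercase names, collapsed whitespace, sorted by name.
    # Content-Length is left out of the signed set (assumed reading of the page).
    hdrs = {k.lower(): " ".join(v.split()) for k, v in headers.items()
            if k.lower() != "content-length"}
    canonical = "\n".join([
        method, path, "",  # path assumed already URI-encoded; empty canonical query
        "".join(f"{k}:{hdrs[k]}\n" for k in sorted(hdrs)),
        ";".join(sorted(hdrs)), hashlib.sha256(body).hexdigest()])
    date = amz_date[:8]
    scope = f"{date}/{region}/{service}/aws4_request"
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    key = ("AWS4" + secret).encode()
    for part in (date, region, service, "aws4_request"):  # key derivation chain
        key = _hmac(key, part)
    return _hmac(key, to_sign).hex()

def verify(req, secrets):
    """Server side: load the caller's secret, recompute, compare in constant time."""
    secret = secrets.get(req["access_key"])
    if secret is None:
        return False
    expected = sigv4_signature(secret, req["method"], req["path"], req["headers"],
                               req["body"], req["headers"]["x-amz-date"])
    return hmac.compare_digest(expected, req["signature"])

def demo():
    """Constructed keys, host and path; returns (valid, tampered, unknown_key)."""
    secrets = {"constructedAccessKey": "constructedSecretKey"}
    req = {"access_key": "constructedAccessKey", "method": "POST",
           "path": "/zones/example-zone/recordsets",
           "headers": {"host": "vinyldns.example.test",
                       "x-amz-date": "20240101T000000Z",
                       "content-type": "application/json"},
           "body": b'{"name":"www","type":"A","ttl":300}'}
    req["signature"] = sigv4_signature("constructedSecretKey", req["method"],
        req["path"], req["headers"], req["body"], req["headers"]["x-amz-date"])
    tampered = dict(req, body=req["body"].replace(b"300", b"5"))
    stranger = dict(req, access_key="unknownKey")
    return verify(req, secrets), verify(tampered, secrets), verify(stranger, secrets)
```

A body changed after signing hashes differently, so the recomputed signature no longer matches and the request is rejected before it reaches the validation checks in step 5.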

The current tooling available to perform VinylDNS API requests includes: