Bergen, Norway

2024 Conference
Argo
Helm
Flux
Kubernetes
Helm
Backstage
Harbor
Helm
Kured
Istio
Prometheus
Prometheus
CoreDNS
Kubernetes
Flux
Prometheus
Containerd
Argo
Kyverno
OpenTelemetry
Jaeger
Istio
Linkerd
Jaeger
Kubernetes
Cert Manager
Kubernetes
Linkerd
Shipwright
Helm
KubeVirt
Linkerd
KubeVirt
Envoy
Helm
Kubernetes
Crossplane
Shipwright
OpenFeature
Kubernetes
Argo
Linkerd
Cert Manager
Helm
Kubernetes
Istio
Cilium
Flux
Flux
Back to Speakers
Misha Bragin
GitHubLinkedIn

Misha Bragin

Co-founder and Contributor at NetBird

About

Misha Bragin is a software engineer, open source contributor, and co-founder of NetBird - an open source, zero-trust networking platform built on WireGuard. As a member of the Cloud Native Computing Foundation, Misha and the NetBird team are on a mission to make secure private networking and remote access ridiculously simple for everyone, from home users to large enterprises.

Presentation

Hijacking DNS Port 53 with eBPF & XDP for Remote K8s Access

Presentation (40 min)AdvancedEnglish

Have you tried running a local DNS resolver on a non-standard port? Changing port 53 is tricky since DNS is typically bound to it, and cross-platform support only adds to the challenge. While building NetBird's DNS feature to access internal resources and private K8s clusters anywhere without exposing them publicly, we ran into this issue. Our solution combined Go, eBPF, and some XDP “magic” to let multiple DNS resolvers share the default DNS port 53 and enable secure access to private K8s clusters through a peer-to-peer WireGuard network. In this talk, we’ll walk through the story of how the NetBird team cracked the challenge using smart DNS handling on Linux and practical eBPF/XDP usage examples.

Platform Engineering & Developer ExperienceCloud Infrastructure & Operations