Bergen, Norway

2024 Conference
Jaeger
Prometheus
Kubernetes
Falco
Harbor
Cilium
Argo
Vitess
Helm
Argo
Cert Manager
Falco
Kubernetes
Cert Manager
Shipwright
Kured
Crossplane
Containerd
Operator Framework
Vitess
Backstage
Linkerd
Argo
Etcd
Kubernetes
Virtual Kubelet
Harbor
Kubernetes
CoreDNS
gRPC
Flux
Etcd
Crossplane
Helm
CoreDNS
Flux
Cilium
wasmCloud
Cert Manager
Cert Manager
Kubernetes
Istio
Istio
Envoy
Shipwright
Kyverno
Etcd
OpenTelemetry
KubeVirt
Back to Speakers
Misha Bragin
GitHubLinkedIn

Misha Bragin

Co-founder and Contributor at NetBird

About

Misha Bragin is a software engineer, open source contributor, and co-founder of NetBird - an open source, zero-trust networking platform built on WireGuard. As a member of the Cloud Native Computing Foundation, Misha and the NetBird team are on a mission to make secure private networking and remote access ridiculously simple for everyone, from home users to large enterprises.

Photos

Session

Hijacking DNS Port 53 with eBPF & XDP for Remote K8s Access

Presentation (40 min)AdvancedEnglish

Session Recordings

Session Recording

Have you tried running a local DNS resolver on a non-standard port? Changing port 53 is tricky since DNS is typically bound to it, and cross-platform support only adds to the challenge. While building NetBird's DNS feature to access internal resources and private K8s clusters anywhere without exposing them publicly, we ran into this issue. Our solution combined Go, eBPF, and some XDP “magic” to let multiple DNS resolvers share the default DNS port 53 and enable secure access to private K8s clusters through a peer-to-peer WireGuard network. In this talk, we’ll walk through the story of how the NetBird team cracked the challenge using smart DNS handling on Linux and practical eBPF/XDP usage examples.

Platform Engineering & Developer ExperienceCloud Infrastructure & Operations