While NodeLocal DNS is fantastic for reducing latency and solving those frustrating conntrack race conditions, ensuring it stays Highly Available (HA) is a challenge. Traditional approaches using `iptables` or `IPVS` often force us into fragile workarounds—requiring secondary nameservers, pod restarts, or external health checkers just to handle a failover.

In this talk, I will demonstrate a cleaner, more robust way to achieve HA using eBPF. We’ll dive into "Enhanced Service Redirection", utilising cgroup eBPF to transparently rewrite `kube-dns`traffic to the NodeLocal cache at the system call level.