Curriculum Vitæ —
- system administrator
- Planning, implementing, running and monitoring large scale redundant
services on UNIX based operating systems. Hands on experience with
Proficient in the usual tools: Shell, perl, python, ansible,
cfengine, puppet, salt stack, cvs, git, svn...
DNS expert: Managing forward and reverse zones, running a root
name server and running authoritative servers with hundreds of thousands
of customer zones.
Many years experience running multi node postgres and mysql
- network engineer
- Planning, implementing, running and monitoring ISP layer 2 and layer 3
Planning, implementing, running and monitoring anycasted DNS
constellations with hundreds of nodes
Hands on experience with
- Experience in imperative, object oriented, functional and multi paradigm
languages. In particular having written or worked on non-trivial programs
in C, C++, perl, python, java, smalltalk, erlang, lisp and haskell.
Contributions to OpenBSD (kernel and
(netflow version 10, aka IPFIX) support in
and traceroute6(8) into a single code base reducing code
- Unified ping(8)
and ping6(8) into a single code base reducing code duplication and
bringing over improvements from the IPv6 version that never made it
into the traditional ping.
- Designed and implemented
privilege separated daemon for IPv6 stateless address
autoconfiguration. It uses
reduce attack surface further and thus increasing security.
- Moved RFC
4861 stateless address autoconfiguration from the kernel to
- Replaced the kame IPv6 router advertisement daemon rtadvd(8) with
privilege separated and pledged daemon.
privilege separated validating recursive resolver for laptops. Based
on libunbound from
it monitors the network to find the best resolving strategy. It can do
recursion, talk to forwarders learned from DHCP and Router
Advertisements (DNS53 or opportunistic DoT) as well as configured
forwarders (DNS53 or DoT). It detects and handles captive portals, DNS
filtering and NAT64/DNS64.
- Pulled dig(1),
out of the last free release of
abstraction layers with ANSI C and POSIX intrinsics and removed about
300.000 lines of unneeded code reducing the compile time from minutes
to under 10 seconds.
- Regular attendee of
and BSDCan. Presented on
BSDCan and FOSDEM.
Presented on DNS, DNSSEC, IPv6, and BGP deployments at various
conferences including RIPE and denic meetings.
Studied Computer Science, Mathematics and Electrical Engineering
at University Darmstadt,
Germany. Areas of interest were abstract mathematics, program
verification and programming languages.
Fluent in English and German.