Manual Page Search Parameters

CV(7) Miscellaneous Information Manual CV(7)

Curriculum VitæFlorian Obser

florian@narrans.de or florian@openbsd.org

system administrator
Planning, implementing, running and monitoring large scale redundant services on UNIX based operating systems. Hands on experience with Debian, Red Hat, OpenBSD and FreeBSD.

Proficient in the usual tools: Shell, perl, python, ansible, cfengine, puppet, salt stack, cvs, git, svn...

DNS expert: Managing forward and reverse zones, running a root name server and running authoritative servers with hundreds of thousands of customer zones.

Many years experience running multi node postgres and mysql databases.

network engineer
Planning, implementing, running and monitoring ISP layer 2 and layer 3 networks.

Planning, implementing, running and monitoring anycasted DNS constellations with hundreds of nodes (k.root-servers.org).

Hands on experience with HP, Juniper, Cisco and OpenBSD.

developer
Experience in imperative, object oriented, functional and multi paradigm languages. In particular having written or worked on non-trivial programs in C, C++, perl, python, java, smalltalk, erlang, lisp and haskell.

Contributions to OpenBSD (kernel and user-land):

  • Implemented RFC 7011 (netflow version 10, aka IPFIX) support in pflow(4).
  • Unified traceroute(8) and traceroute6(8) into a single code base reducing code duplication.
  • Unified ping(8) and ping6(8) into a single code base reducing code duplication and bringing over improvements from the IPv6 version that never made it into the traditional ping.
  • Designed and implemented slaacd(8) a privilege separated daemon for IPv6 stateless address autoconfiguration. It uses pledge(2) to reduce attack surface further and thus increasing security.
  • Moved RFC 4861 stateless address autoconfiguration from the kernel to slaacd(8) in user-land.
  • Replaced the kame IPv6 router advertisement daemon rtadvd(8) with rad(8), another privilege separated and pledged daemon.
  • Implemented unwind(8), a privilege separated validating recursive resolver for laptops. Based on libunbound from unbound(8), it monitors the network to find the best resolving strategy. It can do recursion, talk to forwarders learned from DHCP and Router Advertisements (DNS53 or opportunistic DoT) as well as configured forwarders (DNS53 or DoT). It detects and handles captive portals, DNS filtering and NAT64/DNS64.
  • Pulled dig(1), host(1), and nslookup(1) out of the last free release of bind9. Replaced abstraction layers with ANSI C and POSIX intrinsics and removed about 300.000 lines of unneeded code reducing the compile time from minutes to under 10 seconds.
conferences
Regular attendee of IETF, RIPE meetings, DNS-OARC, and BSDCan. Presented on implementing slaacd(8) and unwind(8) at BSDCan and FOSDEM.

Presented on DNS, DNSSEC, IPv6, and BGP deployments at various conferences including RIPE and denic meetings.

Studied Computer Science, Mathematics and Electrical Engineering at University Darmstadt, Germany. Areas of interest were abstract mathematics, program verification and programming languages.

Fluent in English and German.

2018 - Present
Senior System Engineer - RIPE NCC
2012 - Present
developer - OpenBSD
2014 - 2018
System Engineer - RIPE NCC
2006 - 2014
Systems & Networks - Hostserver GmbH
1999 - 2004
Education - University Darmstadt
1997 - 2007
Freelance Consultant

intro(7)

January 22, 2021 man