Cisco Split DNS On a Router

I have this problem. My WAN sites get IP addresses from the DHCP server in the datacenter. DHCP says the DNS servers are the local corporate DNS servers (also in the DC). So what happens when the tunnel from the WAN site to the DC goes down?

Users can’t even surf Facebook. Oh the horror. But really, users shouldn’t have their Internet access cut off just because the DC lost power or was sacrificed to a volcano god. Especially since we use hosted services. Email should always work, even if head office is down!

What we need is for DNS requests for Myspace and Reddit to go to the regular public DNS server, and requests for theservers.localdomain.lan to go to the corporate DNS servers.

Turns out there’s an app for that, using DNS views within the router…


GNU Screen and Xmodem!

How many terms are incompatible with Google? Unfortunately, screen (the GNU Screen program) is one of them.

How often have you found yourself needing to upload an IOS to a dead router or switch? And how often do you have to do this on a Linux or Mac based machine?

Well, here is how to use sx from the lrzsz package with GNU Screen. First, connect to your console with screen, using a command like so:

screen /dev/tty.usbserial 115200

Then begin your xmodem transfer and follow up with some fancy screen commanding:

^a :exec !! sx -kb Downloads/newfirmware.bin

That is, press control-a and then type, without the quotes, “:exec !! sx -kb path/to/firmware.bin”.

Genius! Unfortunately, sx doesn’t really come stock with my particular flavor of OS so some package manager digging was in order.

Cisco Password Recovery

So you have a Cisco device that is password protected; perhaps it is a mission-critical core device and you lost the password. It doesn’t matter why, but maybe when you recover it, take note of it this time.

So what I present here is a method for actually recovering the MD5-hashed “Enable” or user passwords through a dictionary attack (and physical access).