WAP200 and entry for primary dns cannot be 0 and 255

I have a wap200 with a static IP address, e.g. 192.168.249.205/24 (it is for management and is in vlan 1). Firmware of the wap is 2.0.4.0. No gw and no dns (they are not necessary). I export the config. I have a second wap200 and import the config.bin to the new wap. Then I'd like to change the static address and the name of the new wap, but - and this is the problem - it asks me to fill out the dns (the address for primary dns cannot be 0 and 255), but I absolutely don't want that because there is no dns or gw (management only). And if I fill it out I cannot go to the internet with the wap.
So I also have some other wap200 where I could import the config.bin and change the static ip without giving a dns (firmware 2.0.1.0).
So my question is: can I go back to a previous firmware (Europe), and where can I find it? I looked for it, but I am seeing only the last one, 2.0.4.0 etsi.
Or is there another method to skip the dns with a static ipaddress?
many many thanks in advance.
Kurt

Hello Stephanie,
If you’ve received this mail twice, you can delete one of them. It was not the intention.
Best regards,
Kurt Stichelmans

Good morning Stephanie,
First, a great thanks for replying to my question.
To explain my situation, I'll try to give you a full view.
I have 3 vlans configured on the network through a Motorola wireless ws5100 switch . Vlan 1 (192.168.249.xxx/24): management, vlan 2 (172.20.176.xxx/24): for the public, vlan 3(10.63.128.xxx/20): for internal users only.
I have 4 wap200 configured, of which one is having trouble. I configured the other three as follows: starting, connecting, giving it an IP address in the management vlan and upgrading the firmware from version 2.0.1 to 2.0.4. When I connect to the wireless ssid “public” I get an IP address from the range 172.20.176.x. When I connect to the ssid “internal users” I get an IP from the range 10.63.128.x, and when I connect to the ssid “management” I get an IP from the range 192.168.249.x. The last one is only for management, so I cannot go to the internet from here (which is ok); from the other two I can go to the internet as wished, and the two ssids cannot communicate with each other, as wished.
Important: the ipaddress of the wap200 has an ipaddress 192.168.249.200/24 with no dns input (no dns is needed so..)
With the fourth one I first did a firmware upgrade and I imported the config of another wap200 (one of the first three). Then I wanted to reconfigure the wap (IP address), but when I change the IP address and click on save I also have to give a DNS entry. (When I do this with the other wap200 it also asks me for a DNS entry, so it must be the firmware.) When I give a DNS entry I cannot go to the internet with ssid “public” nor “internal user”.
So what I thought is to go back to firmware 2.0.1 and then import the config of another wap200. So I can change the ipaddress without the need of a dnsentry. After that I can upgrade to the last firmware. And job done.
Hope you can help me to make the situation usable.
Kind regards
Kurt Stichelmans

Similar Messages

  • Rejecting IPSec tunnel: no matching crypto map entry for remote proxy

    Hi!
    I have already searched for this but didn't get the exact answer I'm looking for, so I'll try asking it again (in case there is the same question).
    I'm in the process of migrating some VPN tunnels with  from a Cisco router to an ASA; everything will stay the same except the peering IP address. However, some of the tunnels were being torn down since they request a proxy that doesn't match the one configured on our side. And the remote peer said there was no such issue on the previous platform, but now they need to reset the tunnel from time to time.
    Apr 18 2013 07:29:10 asa002 : %ASA-3-713061: Group = 192.168.1.226, IP = 192.168.1.226, Rejecting IPSec tunnel: no matching crypto map entry for remote proxy 192.168.1.226/255.255.255.255/0/0 local proxy 10.10.9.81/255.255.255.255/0/0 on interface outside
    Apr 18 2013 07:29:10 asa002 : %ASA-3-713902: Group = 192.168.1.226, IP = 192.168.1.226, QM FSM error (P2 struct &0x745e9150, mess id 0x8d7ad777)!
    Apr 18 2013 07:29:10 asa002 : %ASA-3-713902: Group = 192.168.1.226, IP = 192.168.1.226, Removing peer from correlator table failed, no match!
    The remote peer said they did not change the proxy ID on their side, so possibly the old platform will just not set up the SA, without tearing down the tunnel, while the ASA on the new platform will tear it down if there is any mismatch.
    Anyway, I have requested the remote side to remove those unmatched entries to avoid the tunnel being torn down, but is there any configuration that is related to this issue? I.e. just bring up the SA with matched addresses and ignore the others, instead of tearing down the tunnel.
    Thanks!!
    //Cody


  • Rejecting IPSec tunnel: no matching crypto map entry for remote proxy on interface outside.

    Hi,
    I have read a problem where the VPN between an ISP and ourselves started dropping sessions. I have rebuilt the crypto map and tried to dig deeper into my config and some basic troubleshooting while I await the ISP to respond.
    Any ideas?
    Thanks Steve
    https://supportforums.cisco.com/thread/255085
    http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml#solution10
    5 Jun 13 15:46:25 713904 IP = 209.183.xxx.xxx, Received encrypted packet with no matching SA, dropping
    4 Jun 13 15:46:25 113019 Group = 209.183.xxx.xxx, Username = 209.183.xxx.xxx, IP = 209.183.xxx.xxx, Session disconnected. Session Type: IKE, Duration: 0h:00m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: crypto map policy not found
    3 Jun 13 15:46:25 713902 Group = 209.183.xxx.xxx, IP = 209.183.xxx.xxx, Removing peer from correlator table failed, no match!
    3 Jun 13 15:46:25 713902 Group = 209.183.xxx.xxx, IP = 209.183.xxx.xxx, QM FSM error (P2 struct &0xda90f540, mess id 0x76c09eb7)!
    3 Jun 13 15:46:25 713061 Group = 209.183.xxx.xxx, IP = 209.183.xxx.xxx, Rejecting IPSec tunnel: no matching crypto map entry for remote proxy 172.16.0.0/255.255.240.0/0/0 local proxy 0.0.0.0/0.0.0.0/0/0 on interface outside
    5 Jun 13 15:46:25 713119 Group = 209.183.xxx.xxx, IP = 209.183.xxx.xxx, PHASE 1 COMPLETED
    6 Jun 13 15:46:25 113009 AAA retrieved default group policy (DfltGrpPolicy) for user = 209.183.xxx.xxx
    6 Jun 13 15:46:25 713172 Group = 209.183.xxx.xxx, IP = 209.183.xxx.xxx, Automatic NAT Detection Status: Remote end is NOT behind a NAT device This end is NOT behind a NAT device

    Are you trying to send traffic destined towards the internet from 172.16.0.0/20 via this ASA as well? Why? Are you inspecting that traffic before it is sent out to the internet?
    If so, this end also needs to be configured with "any" as well --> the crypto ACL needs to be a mirror image.
    access-list outside_1_cryptomap extended permit ip any 172.16.0.0 255.255.240.0
    Then you also need NAT on the outside interface, otherwise, traffic from 172.16.0.0/20 is not PATed to a public IP, and won't be able to reach the internet:
    nat (outside) 1 172.16.0.0 255.255.240.0
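The 713061 lines in the two threads above carry the proxy identities the peer proposed. As an added example (not code from either poster or from Cisco), this Python script parses those lines and compares each proposal with crypto ACL lines. It only reports how a proposal relates to an ACL entry (exact, subset, reversed, none) and makes no claim about which of those an ASA accepts; the `constructed_*` ACL lines are constructed sample input.

```python
import ipaddress
import re

# Proxy identities in message 713061 are printed as addr/mask/protocol/port.
REJECT_RE = re.compile(
    r"713061\b.*?Group = (?P<peer>[^,]+),.*?"
    r"remote proxy (?P<remote>\S+) local proxy (?P<local>\S+) "
    r"on interface (?P<ifc>\S+)"
)
RANK = ["none", "reversed", "subset", "exact"]  # weakest to strongest relation


def parse_proxy(text):
    """'172.16.0.0/255.255.240.0/0/0' -> IPv4Network('172.16.0.0/20')."""
    addr, mask, _proto, _port = text.split("/")
    return ipaddress.ip_network(f"{addr}/{mask}")


def parse_rejections(log_lines):
    """Return one dict per 713061 line; every other message is skipped."""
    found = []
    for line in log_lines:
        m = REJECT_RE.search(line)
        if m:
            found.append({
                "peer": m["peer"],  # kept as text: may be redacted in the log
                "interface": m["ifc"],
                "local": parse_proxy(m["local"]),
                "remote": parse_proxy(m["remote"]),
            })
    return found


def _take_addr(tokens):
    """Consume 'any', 'host A' or 'A MASK' from the front of a token list."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]


def parse_crypto_acl(line):
    """Parse 'access-list NAME extended permit ip SRC DST' -> (name, src, dst)."""
    tok = line.split()
    if (len(tok) < 7 or tok[0] != "access-list"
            or tok[2:5] != ["extended", "permit", "ip"]):
        raise ValueError(f"unsupported ACL line: {line!r}")
    src, rest = _take_addr(tok[5:])
    dst, _ = _take_addr(rest)
    return tok[1], src, dst


def relation(local, remote, src, dst):
    """Relate a proposal (local, remote) to an ACL entry (src=local, dst=remote)."""
    if (local, remote) == (src, dst):
        return "exact"
    if local.subnet_of(src) and remote.subnet_of(dst):
        return "subset"
    if (local, remote) == (dst, src):
        return "reversed"  # entry written from the peer's point of view
    return "none"


def classify(rejection, acl_entries):
    """Return (strongest relation, ACL name) for one rejected proposal."""
    best = ("none", None)
    for name, src, dst in acl_entries:
        rel = relation(rejection["local"], rejection["remote"], src, dst)
        if RANK.index(rel) > RANK.index(best[0]):
            best = (rel, name)
    return best


# Log lines copied from the two threads above.
PAGE_LOG = [
    "Apr 18 2013 07:29:10 asa002 : %ASA-3-713061: Group = 192.168.1.226, IP = 192.168.1.226, Rejecting IPSec tunnel: no matching crypto map entry for remote proxy 192.168.1.226/255.255.255.255/0/0 local proxy 10.10.9.81/255.255.255.255/0/0 on interface outside",
    "Apr 18 2013 07:29:10 asa002 : %ASA-3-713902: Group = 192.168.1.226, IP = 192.168.1.226, Removing peer from correlator table failed, no match!",
    "3 Jun 13 15:46:25 713061 Group = 209.183.xxx.xxx, IP = 209.183.xxx.xxx, Rejecting IPSec tunnel: no matching crypto map entry for remote proxy 172.16.0.0/255.255.240.0/0/0 local proxy 0.0.0.0/0.0.0.0/0/0 on interface outside",
    "5 Jun 13 15:46:25 713119 Group = 209.183.xxx.xxx, IP = 209.183.xxx.xxx, PHASE 1 COMPLETED",
]
# ACL line from the answer above, followed by two constructed ones.
PAGE_ACL = "access-list outside_1_cryptomap extended permit ip any 172.16.0.0 255.255.240.0"
CONSTRUCTED_REVERSED = "access-list constructed_reversed extended permit ip 172.16.0.0 255.255.240.0 any"
CONSTRUCTED_WIDE = "access-list constructed_wide extended permit ip 10.10.9.0 255.255.255.0 host 192.168.1.226"

if __name__ == "__main__":
    acls = [parse_crypto_acl(a) for a in (PAGE_ACL, CONSTRUCTED_REVERSED, CONSTRUCTED_WIDE)]
    for rej in parse_rejections(PAGE_LOG):
        rel, name = classify(rej, acls)
        print(f"peer {rej['peer']}: local {rej['local']} remote {rej['remote']} -> {rel} ({name})")
```
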

  • Allocating a (local/in-house) IP address and DNS entry for a cabled Ethernet printer

    I have an MI424WR Fios modem/wireless router.  I have a laser printer connected to it using standard CAT-5 cabling.
    I have tried several times to create a persistent enough IP address so that I can configure a Windows (Windows 7 and Windows 8) printer and printer port and get it to work over time.  On every other router I've had, I was able to configure a static IP address and configure a local DNS entry for it (which meant I could just configure printer ports looking for http://colorlaser - very easy to remember).
    I think I have it working, then I leave it for a few days and the IP address evaporates and the driver stops working.  The MI424WR advanced menus are nearly indecipherable (compared to *every* other home router I've ever used) and I'm running out of curse words to use when trying to get this to work.
    Any ideas?
    Thanks
    Flydog
    (PS: I'm very impressed that your "Spell Check" refuses to recognize "Fios")

    I've solved this exact issue by configuring a static DHCP lease in the router for the printer.  This way, I don't have to change any settings in the printer; which can be difficult depending on how the printer is configured.
    Yes, I agree that the Actiontec router has a rather unfriendly interface.  However, it is quite powerful once you figure out where everything is hidden.
    Here's the process to setup a static DHCP lease for a printer (or any other device):
    Make sure your printer is on and assigned an IP address.
    Login to router
    Click "My Network" in the top banner menu.
    Click "Network Connections" in the left hand menu.
    Click "Network (home/office)" in the Network Connections box.
    Click "IP Address Distribution" in the Network (home/office) Properties box.  Note it is hard to notice this is a link - click on the words.
    Click on the "Connection List" button at the bottom of the IP Address Distribution Box.
    Locate your printer in the list.  The host-name may be something assigned by the router.
    Click on the edit button in the Action column for the printer.  The edit button is the center icon with a pencil on it.
    Click the "Static Lease Type" checkbox.
    Click Apply.
    Click the edit button for the printer's DHCP entry AGAIN.
    Now, you can set the IP address to any value within the router's DHCP range.  You may also want to change the host name to something that makes sense to you.
    You can also try the "New Static Connection" at the bottom of the DHCP connection window, however I've not had much luck with it.
    Good Luck!

  • Different SBA DNS SRV entry for the same dns zone?

    Hello,
    I got here a testlab with one enterprise pool and one sba deployed. The Branch Site also got a DNS Server installed. Both are using the same dns zone "test.com".
    Of course now I got different servers for the same SRV Record _sipinternaltls._tcp.test.com - one for autodiscovery in the enterprise pool and one for the sba. Also I want to add the second one as failover srv + the DNS Server in the Enterprise Pool should be used as a Forwarder.
    Now I got some issues how to deploy several entries on two different dns server for the same zone.
    1.) If I add manually the same zone + DNS SRV entries on the SBA the dns is somehow not resolving/forwarding the entries on the other dns server in ee to other servers which are not on my SBA dns.
    2.) If I only pinpoint the SRV entries for _sipinternaltls._tcp.test.com (one for sba and failover for ee site) the dns won't resolve the second a record to the enterprise pool.
    What is the Best Practise for DNS SBA? Always point to the enterprise pool and, therefore, no other configuration is needed?
    Regards DrWho

    I played around a little bit. Problem was that I cannot add the pinpoint dns srv entries via gui. Additionally, the tutorials did not work as my DNS server for SBA is not on a domain controller. In the end I did this:
    sbafe -> fqdn of my sba
    eefe -> fqdn of my frontend of enterprise pool
    dnscmd . /zoneadd _sipinternaltls._tcp.test.com. /primary /file _sipinternaltls._tcp.test.com.dns
    dnscmd . /recordadd _sipinternaltls._tcp.test.com. @ SRV 0 0 5061 sbafe.test.com.
    dnscmd . /recordadd _sipinternaltls._tcp.test.com. @ SRV 10 0 5061 eefe.test.com.
    dnscmd . /zoneadd sbafe.test.com. /primary /file sbafe.test.com.dns
    dnscmd . /recordadd sip.sbafe.test.com. @ A 192.168.10.220
    dnscmd . /zoneadd eefe.test.com. /primary /file eefe.test.com.dns
    dnscmd . /recordadd sip.eefe.test.com. @ A 192.168.0.40
    Question is if that is a good best practice, or should the dns servers within a zone contain the same records (Primary/Backup). The Client will then always hit the FE of the EE Pool first.
    Also it's quite a lot of work to set up.

  • Server 2008 RRAS Internal adaptor causing duplicate DNS entry for host

    I have Server 2008 configured with AD, DNS, DHCP and Routing and Remote Access.  The Server is set-up with a static IP address 192.168.127.2 and the DHCP allocates addresses in the range 192.168.127.100/199 to clients.  The RRAS is automatically configured with three adaptors "Loopback" (127.0.0.1), "Local Area Connection" (192.168.127.2) and "Internal" (192.168.127.112 allocated by DHCP).
    The problem is that there are two entries created in DNS for the host, MYSERVER 192.168.127.2 and MYSERVER 192.168.127.112.  This cause a problem with the client computers when they do a DNS lookup in that the MYSERVER ip address is sometimes returned as 192.168.127.112 at logon causing network shares assignment in the logon script to fail (among others).  If the DNS entry is deleted manually everything functions again for a while until the DNS entry is mysteriously created again.
    Can anyone help???

    I agree with Bill, you should not run RRAS service on DC.
    If you need workaround
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\<Interface name>\MaxNumberOfAddressesToRegister
    Data type: REG_DWORD
    Range: 0x0 - 0xFFFFFFFF
    This setting determines the maximum number of IP addresses that can be registered in DNS for this adaptor.
    If the value of this entry is 0, IP addresses cannot be registered for this adaptor.
    OR
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\<Interface name>\DisableDynamicUpdate
    0      Enables DNS update registration
    1      Disables DNS update registration
    Please place one of above registry key for adapter that you don't want to register in DNS.
    Hope this helps.

  • Can´t communicate with the primary DNS Server 200.49.156.5: and now?

    Hi,
    I have connected a Sony Vaio with a Linksys WRT54G router, using broadband cable provided by a Motorola Surfboard Modem (model 5b5100i)
    I followed all the steps from the router´s CD.
    Finally I connected a network cable to the port 1 of the router and on the other extreme the Motorola Modem is now connected. As result, since I  have a desktop already connected to the modem, there are now 2 connections on the back of the motorola modem, 1 for a desktop that uses its USB plug and a 2nd, which uses a network cable (ethernet connection) and that plugs at the end to the Linksys router. connection is ok based on the Linksys CD.
    The wireless cards of 2 different laptops recognize the router´s signal, but no internet connection is available.
    after diagnostic on network problems by Vista Windows, I receive the following message
    ¨"Cannot communicate with the primary DNS Server 200.49.156.5"
    What does it mean? what needs to be set in order to make it work?
    Thanks in advance for any help

    I talked to tech support from my cable company and the motorola only provides 1 IP address; therefore, in order to make a router work (it will need its own IP address, a 2nd one), you need to buy an ADDITIONAL internet connection or access point....this company is in Argentina. While I lived in the US (last month) they allowed me to have multiple computers on the same one connection.
    bottom line, call your ISP and tell them you need either to install the router on your connection OR to have an additional internet cable input....
    just my 2 cents...business rules.

  • Remote login: cannot connect to primary DNS server

    To what should I set the DNS under 'Computers and Services'? I cannot get any computers (Mac or Win) to remotely connect to the network, it says cannot connect to primary DNS. The goal is to have users have access to home directories from remote locations but I cannot seem to get a connection. Help please...
    Message was edited by: mrsmittys

    Hi
    A bit vague on details and I have to question why you would want to do this anyway? For example 10-20 users all accessing home directories remotely would be hard work if not practically impossible. What is the bandwidth on the host’s broadband service?
    That said there are a number of ways of doing this the easiest being a VPN. Ideally a fixed public IP address at the site that the server is at and a router capable of supporting VPN connections. I’ve always found ZyXel Prestige 662 Routers and IPSecuritas (which is available free as a download – just remember to donate) a good combination. Once the tunnel has been built the remote client will be able to access any resource at the host site as if it was in the same building.
    Again I would steer you away from this as the connection may prove to be unreliable depending on users and usage. A more workable solution would be Portable Home Directories. With PHD you can work with Home Folders without being connected to the host network. The Home folders would synchronize the next time the client connected to the network.
    Are your home folders Open Directory networked home folders or just folders created that are defined as a particular user’s folder? If it's an Open Directory Networked Home folder then internal DNS Services configured and running somewhere would be absolutely crucial as Open Directory will not function without it.
    I have to be honest and say I don't think you have really thought this through (no offense intended), however keep posting. No doubt others will offer views and opinions that may further assist you.
    Tony

  • Calendar app contains multiple entries for birthday calendar and Apple US Holiday's calendar.

    After the most recent update, my calendar app began showing duplicate entries for all of my calendars (google, birthday and US Holidays). I deleted all of the google calendars from my phone and then added each calendar back to the phone one at a time. After doing this, there were no more duplicate entries for the google calendars. However, I have been unable to fix the duplicate entries for the Apple birthday calendar or the Apple US Holidays subscribed calendar. I tried restoring the iPhone, but that didn't work. I then tried to delete the birth date from various phone contacts, but even though I had removed the contact's birthday, the duplicate birthday entries on the calendar remained. I tried changing the contacts' birth date (i.e. altering the month or year), but that didn't update on the calendar either. I'm using an iPhone 5, ios 7.1.1. I do not sync any calendars with iCloud and when I show the birthdays calendar in iCloud, there are not any duplicate entries. Any suggestions?

    Literally, no.  You will not find a single identical application for all.  Apps that are written for the iPhone and iPad have optimizations specific to those platforms, while computer programs will be at least slightly different as they will have optimized features specific to them.
    You could look through the App Store for something you like for the iOS devices, then check the developer's site to see if they also make something equivalent or near so for desktop and laptop computers.
    The best you can find is separate applications (albeit maybe from one developer and designed to work as companion apps) that share data seamlessly somehow, but none will be without glitches at times - just the nature of anything that tries to synchronize multiple devices frequently over the internet.
    I use Week Calendar on my iPhone and iPad, Calendar in OS X, and Outlook at work.  I do not use iCloud to sync calendars, but use separate Google Calendars for personal, and work calendars, linked through my google accounts to those programs on all my devices.  It's worked pretty well for the past 3 or 4  years for me.  However, I do use google sync for the Outlook calendar, and you cannot get that any longer (google killed it off, but keeps it working for legacy users).
    That's just my setup, but no single app or program exists that I could use for all that (or even just for the Apple machine's alone).

  • DNS entry for DC not dynamically updating (Server 2008 R2)

    Windows Server 2008 R2. I've got a single DC (I'm preparing to install the 2nd in the next few days). The host (A) record for the DC shows to be static for some reason. I changed the name of the DC recently, then brought down the Exchange server and rebooted and it successfully connected again. I might have entered in a static DNS entry for the new server name before renaming the server, but I'm not sure.
    I've tried to delete the static DNS record for the DC and then reload, but it continues to appear as a static entry. The mail server's DNS record still appears as a dynamic entry.
    What am I doing wrong?
    Noel Stanford Oveson
    jeremyNLSO
    MCTS, MCITP, CCENT, CNE, MCSE, CLSE
    Berlin, Germany

    Hello,
    Like Mike suggested, it is normal that it is a static record.
    However, if your DC with its new name is not updating its DNS record, check that "Register this connection's addresses in DNS" is checked on the DC's adapter and then run ipconfig /registerdns using an elevated prompt.

  • Duplicate entries for same primary key

    Hi,
    I am facing problem to insert 2 or more than 2 entries for same PRIMARY KEY in the database table.
    As I know that we can’t do that. But Client has given me the XL sheet which contains 2 entries for same primary key. How can it be done? Please let me know how can I insert 2 data for same primary key in database table.
    Waiting for your answers.
    Thanks in advance.
    Regards,
    Prasanna

    Hi,
      You can achieve this .... All you have to do is to add a new field (a Sequence Number ) to the table. This number will be incremented for each duplicate primary keys. For example....
    Consider the excel file has duplicate entries 3 primary keys. Now you add a new field named Sequence Number in your DB Table.....
    When you load the data into Database...then the records will look like this...
    Key1     Key2    Key3    Seq
    A          B          C           1
    A          B          C           2
    A          B          D           1
    A          B          D           2
    A          C          D           1
    A          C          E           1
      and so on...
    I hope this solves your purpose.....
    Whenever there are duplicate entries, such as the one mentioned in your scenario, then a new field can be added in Database. This field acts like a count or sequence number.... Thus you can maintain unique records.
    Regards,
    Vara

  • Cannot find terminfo entry for 'rxvt-256color'.

    I'm sshing into my ubuntu server from my arch workstation. I can't run screen because I get this error:
    Cannot find terminfo entry for 'rxvt-256color'.
    Anyone know what's going on?
    It works if I run "export TERM=xterm" or "export TERM=rxvt" but:
    1. that seems like a hack
    2. I have to type that every time I ssh and run screen
    any help would be great!

    Mr.Elendig wrote: And when it comes to screen, use TERM=screen-256color  (you can make screen set that automatically by poking at your screenrc)
    Yep, you can put 'term screen-256color' in screenrc. Note that this is set inside screen; on the outside you use the default TERM (rxvt-256color), so don't set it in bashrc or zshrc (or set it with a check for TERM==screen). So you have two terminfo descriptions: one for the underlying terminal (rxvt), which is used by screen to construct the needed interaction, and the screen terminfo, used by all programs running inside screen to know what caps the terminal has and to interact with it correctly.
    EDIT: probably you want to use screen-256color-bce because rxvt-256color supports bce so screen can use it, but well, I don't know what bce can be useful for....
    Last edited by kazuo (2010-06-14 14:03:46)

  • Servermgr_dns: no reverse DNS entry for server

    Hi all,
    After installing and configuring OS X Server, Tiger, I realized I had given the machine the wrong IP-address. After changing it, I'm getting the following errors every half hour:
    Jun 28 12:54:26 g4 servermgrd: servermgr_dns: no name available via DNS for 10.0.0.3
    Jun 28 12:54:26 g4 servermgrd: servermgr_dns: no reverse DNS entry for server, various services may not function properly
    Can anyone enlighten me as to whether this is something serious or not? The server is running fine, so it isn't mission critical, but you know, nobody likes error messages.
    PowerMac G4, Dual 1.25, 768 MB RAM, Pro ADSL 4096/768   Mac OS X (10.4.6)   Mac OS X Tiger Server

    look at changeip
    ~>man changeip
    changeip(8) BSD System Manager's Manual changeip(8)
    NAME
    changeip -- Change IP adress related configuration.
    SYNOPSIS
    changeip -checkhostname
    changeip [directory-node | -] old-ip new-ip [old-hostname new-hostname]
    DESCRIPTION
    changeip is used to update configuration records when a server's IP
    address changes or check/fix the hostname of the server. It needs to be
    run by root on the machine who's IP address is changing. If the machine
    is hosting a parent directory (NetInfo or LDAP) or is connected to a par-
    ent directory, then the Open Directory path to the node must be used (eg
    /LDAPv3/192.12.0.43). Otherwise use a dash ("-") for the directory node
    argument. The tool may prompt for an admin user name and password for
    the directory node. After the tool has successfully completed, change
    the network settings in the Network Control Panel and reboot the server.
    you need to run this when you change your server's IP
    hope this helps.

  • GSS as primary DNS Server for Intranet

    Hi,
    Can the GSS be used as a primary DNS server for Intranet? An additional DNS server can be configured to answer the unknown Records like MX by GSS.
    if it can be configured, I would be thankful if anyone shares with me the brief configuration steps Apart from configuring Answers, answer groups, domain lists, source address lists, DNS rules.
    with thanks
    sathappan

    Yeah I'd certainly recommend against it! So essentially the client machines are unable to update or query dynamic AD related DNS records since they're not pointing to the DNS servers actually used by your AD server(s). I could well imagine that causing issues, and meaning that some AD functionality won't work correctly.
    I know you can directly integrate BIND with AD, eg so that the BIND servers are the ones used by AD, though I haven't tried it, but this seems to be neither.
    I can't find any articles relating to your exact situation, presumably no one else has tried to use such a mixed and disjoined setup. I'd focus on looking for articles relating to why you shouldn't point your users at a router (most commonly in small setups on ADSL) for the DNS rather than directing them to the server for DNS and then having that query the router for external results. It's a more common scenario and you're more likely to find articles relating to it.
    One article you might find useful is http://msmvps.com/blogs/acefekay/archive/2009/08/17/ad-and-its-reliance-on-dns.aspx which talks in terms of using your ISP's DNS servers on the client machines, but in your situation it sounds like the BIND servers are essentially providing an equivalent setup.
    There's also various discussions and comments on the topic elsewhere on these forums, for instance http://social.technet.microsoft.com/Forums/windowsserver/en-US/c3ba3859-765e-4b3f-add0-eaf2c18e1068/i-have-dns-in-a-router-and-i-want-to-install-domain-controller?forum=winservergen and http://social.technet.microsoft.com/Forums/windowsserver/en-US/b5df8fd4-7ab2-4d1e-afe2-c5263c4d69c3/dns-server-forwarding-and-clients-getting-address-of-registrars-ip?forum=winserverNIS which are worth checking out.

  • Interesting explanation and fix for obscure DNS problems

    This blog is a real eye-opener:
    *10.5.3 Fixes DNS Problems Plaguing Some Leopard Users*
    http://hunter.pairsite.com/blogs/blog20080603.html
    Who knew?!
    "I had tangled with name lookup issues during early stages of Leopard development, and learned that Leopard changed the way name lookups were made.
    "... Some people had been carrying DNS baggage for years with no idea, and this had likely been hampering name lookup operations at some level for a long time, even before 10.5 came along.
    "In other cases, it was a major challenge. The average user doesn't know (and probably shouldn't need to know) where their DNS settings are, or what they do. And then consider the common situation of a user with a Mac connected to an Airport connected to a cable modem, with various DHCP leases sprinkled into the mix. In most of those cases, DNS settings are provided far upstream and inherited down through the line. The user may see no DNS settings on the Mac, or it might be using the address of the Airport router. The Airport might contain DNS settings inherited from the cable modem, which it picked up from the ISP through the DHCP lease. The issue then becomes one of figuring out where to purge old DNS settings, if that's even possible, and replacing or overriding them with known good ones (such as from OpenDNS.org). It was a challenge in many cases. Just convincing the user they had a DNS issue was a challenge in some cases!"

    I think DNS lookup issues are relatively rare these days and so are perhaps not the obstacle to trouble-free internet access that they used to be in the days when ISPs were less Mac friendly and Apple seemed to have issues with DNS lookups without the network preferences having declared DNS server IPs. Even then, I think much of that was timing, with MacOS flavors at the time being rather more critical than ISPs expected and that Windows tends to be.
    Much of the DNS hullabaloo had died out until recently, due to the appearance of active IPv6, which once again seemed to have caused timing issues. Thankfully since IPv6 is not much in use yet, it can be switched off in the TCP/IP pane of the appropriate network preference and that seemed to cure DNS lookup issues for those who had them once again.
    I've found though, both at work with our commercial T1s, and at home with my (not altogether Mac-friendly) ISP, that DNS has not been an issue since perhaps the mid MacOS 10.3, or maybe even earlier. And as I found at the time when I had issues at home but not with the same system and configuration at work, it turned out to be the ISP's primary DNS server which was not configured correctly and timed out routinely.
    Even with IPv6 still enabled I've not had DNS issues with any Mac for some time, and have not experienced any difference in internet behavior between 10.5.3 and anything prior. Even my iPhone, which had DNS problems if the first DNS IP was the local router, has been behaving correctly since the first firmware update last summer!
