macOS 26 Breaks /etc/resolver/ DNS
⚠️ Regression Bug: macOS 26 breaks per-domain DNS resolver for custom TLDs. Silent failure affects developers using dnsmasq, Docker, Kubernetes, and other local development tools.
Summary
The /etc/resolver/ per-domain DNS resolver mechanism — a long-standing macOS feature documented in man 5 resolver — is silently broken in macOS 26 for any TLD not present in the IANA root zone.
Affected TLDs
| TLD | Status | Notes |
|---|---|---|
| .internal | Broken | IETF draft special-use TLD |
| .test | Broken | RFC 6761 reserved for testing |
| .home.arpa | Broken | RFC 8375 reserved |
| .lan | Broken | Widely used convention |
| Arbitrary | Broken | Any non-IANA TLD |
Root Cause
mDNSResponder intercepts queries for custom/private TLDs and handles them as mDNS (multicast DNS), never consulting the unicast nameserver specified in the resolver file. This is a fundamental change in behavior from macOS 25.x.
Impact
- Developers using dnsmasq +
/etc/resolver/ - Docker Desktop container name resolution via custom TLDs
- Kubernetes local development (minikube, kind, k3d)
- Vagrant, Tailscale, VPN clients using resolver files
Workaround
Manual /etc/hosts entries - impractical for dynamic use cases.