I suppose I'm lazy - I've always used /etc/hosts, but then again, I've never had use cases like those mentioned in the linked gist.
https://github.com/apple/container/issues?q=is%3Aissue%20sta...
All Feedbacks that you file are private to your own Apple Account.
Here’s a GitHub comment showing someone on MacOS 26 with a `.test` domain, which you claim is broken: https://github.com/apple/container/issues/856#issuecomment-3... —- maybe you are configuring it incorrectly.
New-UnboundInterface.sh - linux/rhel-like specific

    # create a bridge interface for Unbound
    # because Docker...
    IFTYPE=bridge
    IFNAME=unbound0
    IPADDR=10.53.0.1
    IPADDR6=fd53:fd53:fd53::1
    nmcli connection add type $IFTYPE ifname $IFNAME
    nmcli connection modify $IFTYPE-$IFNAME ip4 $IPADDR/32
    nmcli connection modify $IFTYPE-$IFNAME ipv4.dns $IPADDR
    nmcli connection modify $IFTYPE-$IFNAME ip6 $IPADDR6/64
    nmcli connection modify $IFTYPE-$IFNAME ipv6.dns $IPADDR6
    nmcli connection up $IFTYPE-$IFNAME
    firewall-cmd --new-zone=unbound --permanent
    firewall-cmd --zone=unbound --permanent --change-interface=$IFNAME
    firewall-cmd --zone=unbound --permanent --add-service=dns
    firewall-cmd --reload

00-localinterface.conf # should be placed in /etc/unbound/conf.d

    # bind to a specified IP address, allow access
    server:
        interface: 10.53.0.1
        interface: fd53:fd53:fd53::1
        access-control: 10.53.0.1/32 allow
        access-control: fd53:fd53:fd53::1/128 allow

91-allow-docker-containers.conf # allow queries from the Docker "bridge"

    server:
        access-control: 172.18.0.1/16 allow

I will say, I don't love the use of LLMs to write these bug reports. It's probably fine if reviewed, but at least review for things like "worked on macOS 25", which obviously didn't exist. If that wasn't caught, how sure are you that the rest of the report is accurate? We all want the bugs fixed, but people are going to start throwing out the obviously LLM written reports rather than have to validate each claim, since the author probably didn't.
- Reference Presets no longer allow setting arbitrary SDR nits, making it impossible to natively unlock 1600nits of brightness on MacBook Pros or 2000nits on Studio Display XDR which breaks my Lunar app [0] (this seems to be intended, no idea what hurt Apple that they had to block this under SIP)
- The orange microphone dot indicator and its very colored friends can no longer have their brightness changed for dimming them, which made my YellowDot app useless [1] (I guess this is for privacy, I still think this could have a setting guarded under TouchID like Accessibility Permissions works)
- Floating non-titled windows don't accept mouse events (thankfully this got fixed) [2]
- Gamma table changes don't work on MacBook Neo and M5 Pro/Max which breaks Sub-zero Dimming and dimming external monitors that don't support DDC (thankfully, Apple is looking into it) [3]
- The resizing area thing on very rounded windows which drives everyone nuts, I had to add custom resize handlers to some of my windows
- The `com.apple.SwiftUI.Drag-` temporary file paths that get generated for any file that gets dragged from a drag&drop handler which makes it impossible to get to the original file when dragging images from Clop [4] or file shelf apps like Yoink, Dropover etc.
- NSImage returning different pixel count for .size than what the image actually has, breaking workflows that depended on that to determine the image DPI
[1] https://github.com/FuzzyIdeas/YellowDot/issues/18
[2] https://developer.apple.com/forums//thread/814798
But that only really helps you when you're dealing with websites in a browser, and when you want the address to resolve back to your local machine. So it won't help you with other programs like python/wget/etc or any calls you make to getaddrinfo().
I set that up in like 2014? Even back then it was known already that the quick /etc/resolver way was the deprecated way to do things. So I guess they finally killed that feature off?
The proper (more awkward) way is to use scutil directly (which then stores the settings in some binary plist somewhere, I assume).
Maybe try this and see if it still works afterwards?
Ignoring the current Tahoe mess, MacOS felt relatively polished. I'm purely talking about UX here, as the OS is evidently buggy. The most popular Gnome themes are a re-impl of MacOS, so I can't be the only one.
Programs like LittleSnitch never really seem like "enough" for me, because the computer has to boot before DNS filtering comes online. It also has the design error (IMHO) of pre-resolving IP addresses before clicking Accept/Deny(all).
A great blockrule for your personal firewalls would be to ban (at top level) icloud.com, apple.com, &c; system updates can then be performed manually using guides like <http://www.mrmacintosh.com>. Of course: this breaks everything (in exactly the way I prefer to compute).
There's a game I play (Old School Runescape) that does network ticks every .6s. Mac does some sort of aggressive optimization on the network hardware/software, so network this infrequent doesn't keep the layers "hot", and you end up getting delayed ticks regularly, meaning you learn what should be happening in the game .2-.5s late. This optimization for (I assume) battery life makes the software not work as intended.
Playing anything that streams, like video, or triggering TCP connections (e.g. curl) at a more frequent clip while the game is running fixes the problem.
No way other than hacks that I've found to fix it, and I have no idea how you could report this to the right team at Apple to get it actually fixed.
It's been this way for decades. Microsoft was known for preserving backwards compatibility, while Apple was known for being willing to break stuff.
The differences aren't that extreme in reality: Microsoft breaks stuff more than it used to, while Apple has become comparatively more conservative than once upon a time.
Hopefully Apple will do the same for macOS 27.
[1] https://www.macrumors.com/2026/03/15/ios-27-will-reportedly-...
These days I’m just using Caddy to do ..localhost for my web dev and it works like a charm.
This is exceptionally sloppy on Apple’s part.
If you just want to resolve 127.0.0.1 then you just resolve hostname "localhost" or use 127.0.0.1 directly.
Personally I don't bother configuring custom private dns zones, instead I use reserved MDNS *.local that autoconfigure everything using machine name (hostname) and DHCP address: somehostname.local in A <dhcp assigned ip>.
If you want valid certs you can generate them with mkcert and add them to your system trust store.
That’s what makes the LLM bug report make no sense in light of OP’s report here. Bug says it’s a regression from 25.x (which doesn’t exist), so maybe they mean 15.x? But OP says they “woke up” and it was upgraded and broken, but macOS doesn’t do major version upgrades w/o user action. So which is it?
Next question: what reason would Apple have to make a change that would interfere with developers using their operating system?
I thought we all just dealt with the overpriced hardware, the prisons, the control, that they are a US company that gives away data to the government(PRISM), has weak security(Pegasus), lies about hardware issues(butterfly keyboard and holding your phone wrong), deceptive marketing...
All so we can compile iOS apps.
If you aren't compiling iOS apps... Do you not know about Fedora? Ofc Windows sucks, but we have Fedora.
Maybe the poster is running a local LLM.. you’d think that a SOTA model would have surmised that an overnight MacOS upgrade can only be a minor version.
the resolver confs all contain this content:

    # /etc/resolver/example-private
    nameserver: 127.0.0.1
    domain example-private

I noticed in the author's bug report they do not include `domain`, which is documented in `man 5 resolver` as:

    # The domain directive is only necessary, if your local
    # router advertises something like localdomain and you have
    # set up your hostnames via an external domain.

In the real world though, I've found the `domain` setting to be required nearly every time. I wonder if adding it will resolve the issue?

It absolutely is for privacy, to stop malware or trojan programs from obscuring their accessing the camera or microphone.
> Reference Presets no longer allow setting arbitrary SDR nits, making it impossible to natively unlock 1600nits of brightness on MacBook Pros or 2000nits on Studio Display XDR which breaks my Lunar app [0] (this seems to be intended, no idea what hurt Apple that they had to block this under SIP)
OLED displays are widely expected this year. Not wanting to have to deal with "my battery life is an hour and a half instead of 10, what's going on!? Replace my battery!" nonsense is probably the remainder.
ArchiveBox now uses this feature by default in the latest version to finally offer unique per-snapshot domain isolation, so we can safely replay archived JS without risking compromise of your whole archive.
Such an awesome feature, the barrier to do this used to be prohibitively high but now it "just works".
There's bugs in the OS, like pretty much every OS, but I rarely interact with them should they manifest.
"Your password is required to
log in"
They also do strange choices regarding shipped software. For example they ship ancient bash 3, apparently because they hate GPLv3 or something like that. I like GPLv3 and this choice makes macos user-hostile.
There is a simple checkbox within the DNS's web interface to `Allow WAN Requests`. You'd then only run into issues of accessing your local IP addresses if those hosts aren't configured correctly within your network rulesets.
----
I am a user, not an expert; by trade, I am a blue collar electrician. I know very little about internet topology except how to use simple open-source hardware. Perhaps what you said makes sense (e.g. that you cannot use outside your network, some service(s)).
I think it's fine to have an llm write a first or second draft of something, then go through and reword most of it to be in your own voice.
Apply this argument to code, to art, to law, to medicine.
It fails spectacularly.
Blaming the tool for the failure of the person is how you get outrageous arguments that photography can't be art, that use of photoshop makes it not art...
Do you blame the hammer or the nail gun when the house falls down, or is it the fault of the person who built it?
If you don't know what you're doing, it isn't the tool's fault.
That said, I still prefer Linux. I think my biggest papercut there has been suspend/power management being broken in some way or another on both laptop and desktop for the last 8 years.
I have done a lot of technical writing in my career, and documenting things is exactly where you run into the worst design problems before they go live.
Lawyers thoughtfully write laws that other lawyers understand. I’m not sure why that’s confusing.
Containers run using docker are called containers, not dockers.
Finder is bad enough on its own, but the 1:N mapping from logical directories to filesystem directories (like photos, home, applications, etc) makes it essentially unusable without spotlight.
Notifications are flaky as hell (missing phone calls and messages from contacts, but displaying explicitly blocked spam sms).
Copy paste between devices has never worked right.
Which part of the OS is not terrible in your experience?
Edit: also, compatibility with video games (even ones released for macos) is abysmal. It’s much worse than Linux’s ability to run the Windows version of MacOS native releases!
Best option is probably to set dev.our-root-domain.com in /etc/hosts
I may have a generational bias (I am almost 49), but I think the fondness is due to lack of UI surprise. A button was a button, a menu was a menu with clear shortcuts, etc. There were no mystery scrollbars that required specific interactions to appear or expand. Don't get me wrong, I'm a happy-ish MacOS user and love screen size, clear fonts, etc that we get in the modern world, but I think we've all had moments of frustration when we had to go on a scavenger hunt in an app and cursed those who didn't leave well enough alone.
It straight up broke some interfaces too
What might lead Apple to make a change that would reduce the audience of their devices. I don't develop on macOS but I know developers who do. Did they just make a mistake and they're gonna fix it?
Quite frankly, while having an LLM draft and rewriting it would be okay, I do not believe it is reasonable to expect that to ever happen. It will be either like high school paper plagiarism (Just change around some of the sentences and rephrase it bro), or it will simply not even get that much. It is unreasonable with what we know about human psychology to expect that "Human-Rewrites of LLM drafts", at the level that the human contributes something, are maintainable and scalable; most people psychologically can't put in that effort.
Plus, when someone wrote the documentation, I can ask the author about details and they'll probably know since they had enough domain expertise and knowledge of the code to explain anything that might be missing. I can't trust you to know anything about the code you had an AI generate and then had an AI write documentation for.
Then there's the accuracy issue. Any documentation can always be inaccurate and it can obviously get outdated with time, but at least with human-authored documentation, I can be confident that the content at some point matched a person's best understanding of the topic. With AI, no understanding is involved; it's just probabilistically generated text, we've all hopefully seen LLMs generate plausible-sounding but completely wrong text enough to somewhat doubt their output.
Ah, the joys of waking up to find the Mac's done an overnight upgrade… and erm, suddenly things stop working. Thankfully, me and Claude managed to work out what the fuck is going on… I'm sharing here, as well as having raised it on https://feedbackassistant.apple.com/feedback/22280434 (that seems to need a login?).

Product: macOS 26.3.1 (Darwin 25.3.0, Build 25D771280a)
Component: Networking → DNS / mDNSResponder
Regression from: macOS 25.x 26.3.0 (working immediately prior to overnight update)
The /etc/resolver/ per-domain DNS resolver mechanism — an Apple-documented, long-standing macOS feature — is silently broken in macOS 26 for any TLD that is not present in the IANA root zone. mDNSResponder intercepts queries for custom/private TLDs and handles them as mDNS (multicast DNS), never consulting the unicast nameserver specified in the resolver file. This breaks an entire class of local development and private network DNS workflows that previously worked correctly on macOS 25 and earlier.
macOS supports per-domain DNS resolver configuration via files placed in /etc/resolver/. A file named /etc/resolver/internal containing nameserver 127.0.0.1 instructs the DNS stack to send all *.internal queries to the local nameserver at 127.0.0.1. This mechanism is documented in man 5 resolver and has worked reliably since at least macOS 10.6. It is widely used by developers running local DNS servers (dnsmasq, bind, unbound) to resolve private domain suffixes.
This machine runs dnsmasq (via Homebrew) as a local DNS resolver, configured to answer queries for *.internal domains (static entries for a local web application) and forward everything else upstream. The /etc/resolver/internal file routes these queries to dnsmasq. This setup worked correctly on macOS 25.x.
Install dnsmasq and configure it to answer a custom domain:

    # /opt/homebrew/etc/dnsmasq.d/test.conf
    address=/probe.example-private/127.0.0.1

Start dnsmasq: brew services start dnsmasq

Verify dnsmasq answers directly:

    dig @127.0.0.1 probe.example-private A +short
    # Returns: 127.0.0.1 ✓

Create a resolver file:

    sudo sh -c 'echo "nameserver 127.0.0.1" > /etc/resolver/example-private'

Flush DNS cache and restart mDNSResponder:

    sudo dscacheutil -flushcache && sudo killall -HUP mDNSResponder

Verify scutil --dns shows the resolver is registered:

    scutil --dns | grep -A4 "example-private"
    # Shows: domain: example-private, nameserver: 127.0.0.1 ✓

Attempt to resolve via the system resolver:

    ping -c1 probe.example-private
    # ping: cannot resolve probe.example-private: Unknown host ✗
    python3 -c "import socket; print(socket.getaddrinfo('probe.example-private', 80))"
    # socket.gaierror: [Errno 8] nodename nor servname provided, or not known ✗
ping, curl, and any application using getaddrinfo() should resolve probe.example-private to 127.0.0.1, as specified by the dnsmasq address= directive, reached via the /etc/resolver/example-private unicast nameserver entry. This is exactly what happened on macOS 25.x.
All resolution via getaddrinfo() (i.e. every real application — browsers, curl, ping) fails with "Unknown host". No DNS traffic reaches dnsmasq. Instead, mDNSResponder intercepts the query and immediately returns a cached "No Such Record" mDNS response with an anomalously large TTL (~108002 seconds).
Evidence from dns-sd -G v4 probe.example-private:

    Timestamp     A/R  Flags     IF  Hostname                Address  TTL
    11:42:03.617  Add  40000002  0   probe.example-private.  0.0.0.0  108002  No Such Record

Evidence from tcpdump -i lo0 -n port 53 captured during a getaddrinfo() call:

    0 packets captured

No packets reach dnsmasq on 127.0.0.1:53 at all. mDNSResponder handles the query entirely internally via mDNS and never consults the unicast nameserver.
Tested TLDs that fail:
| TLD | Status | Notes |
|---|---|---|
| .internal | Broken | IETF draft special-use TLD; worked on macOS 25 |
| .test | Broken | RFC 6761 §6.2 — explicitly reserved for local testing |
| .home.arpa | Broken | RFC 8375 — IANA reserved for residential private networks |
| .lan | Broken | Widely used convention (not IANA reserved, but irrelevant) |
| Arbitrary (e.g. .emflocal) | Broken | Any TLD not in the IANA root zone |
.test is particularly egregious: RFC 6761 Section 6.2 explicitly reserves .test for exactly this use case — local/private DNS testing — and specifies that resolvers SHOULD resolve it via normal DNS mechanisms. macOS 26 silently overrides this by treating it as mDNS-only.
google.com, bbc.co.uk and other standard IANA-registered TLDs continue to work correctly via the default unicast resolver. Only custom/unregistered/special-use TLDs are affected.
The only reliable workaround is to add entries manually to /etc/hosts, which bypasses mDNSResponder entirely. This is impractical for dynamic use cases (e.g. Docker container DNS, where host entries change frequently) and requires sudo for every change.
This breaks the standard local development DNS workflow that has been documented and recommended by the macOS developer community for over a decade:
- /etc/resolver/ for *.test, *.local, *.internal, or other private TLDs
- /etc/resolver/ entries as part of its macOS integration (e.g. Vagrant, Tailscale, various VPN clients)
- *.cluster.local or similar

The failure is silent: scutil --dns correctly shows the resolver configuration is registered, leading users to believe the setup is correct while resolution silently fails. There is no log output, no error, and no indication that mDNS interception is occurring.

- dig @127.0.0.1 (works), host (works — uses own resolver), ping/curl/python3 socket.getaddrinfo (all fail)
- man 5 resolver (macOS) — documents the /etc/resolver/ mechanism
- .test, .localhost, .invalid, .example)
- home.arpa
- .internal special-use proposal

(And apologies if it seemed that I was insinuating ill intent on your part.)
It might give efficiency gains for the writer, but the reader has to read the slop and try to guess at what it was intending to communicate and weed out "hallucinations". That's a big loss of efficiency for the reader.
I think my major concern here would be if people were going to websites which might be considered illegal within their jurisdiction (e.g. guest_DNS_user searches for out of state abortion providers — while you[r DNS] live[s] in Texas).
Perhaps the State sees guest_DNS_user's query to plannedparenthood.com, then decides your vehicle tag is worth tracking for potential out-of-state (via e.g. Flock cameræ)... or that you are guilty of facilitating an abortion for someone else... all because your DNS server provided IP resolution for guest_DNS_user to Planned Parenthood Colorado (et.al).
----
This would have been too far-fetched for me to have considered/written, even just a few years ago. It's all reality, now. Are you targetable enough?
DNS leaks are another reason I don't care for LittleSnitch (which pre-resolves IP address before the accept/deny pop-up even appears).
With LLMs this is less clear, you don’t get the old school artifacts, instead you get hallucinations, and very subtle errors that completely alter the meaning while leaving the sentence intact enough that your reader might not know this is a machine translation error.
[1]: https://gs.statcounter.com/os-market-share/desktop/worldwide...
and it will also "clean up" the text to the point where important nuances and tangents get removed/transformed into some perfect literature where it loses its meaning and/or significance
The solution to this form of elitism was not to make everyone speak RP, but to encourage non-RP accents, which is more common in the modern BBC.
Your comment seems elitist by encouraging the use of artifice to fit better into an elitist world, rather than breaking down elitism.
For example, you chose to read my response and attack the vocabulary as if that was the point I was trying to make. This is a misunderstanding. I am purposefully reusing the word choice of the comment I'm replying to.
I was trying to very concisely point out that if an LLM is generating your writing it is not your words or your thoughts that you're trying to communicate.
"… but reviewed by a human / me for accuracy."
1. Am I allowed to ask an AI to proofread a draft for grammatical errors?
2. Am I allowed to ask an AI to proofread a draft for technical errors?
3. In both #1 and #2, am I allowed to ask the AI to suggest revisions, or is it only allowed to point out what's wrong and why?
4. If I write a sentence like "Lucy's laughter ___ her underlying anxiety" and I'm having trouble coming up with the right word to fill in the blank, can I give the sentence to an AI and ask it for a list of possible options?
5. While brainstorming, can I use an AI as a souped up rubber duck before I begin writing?
https://www.icann.org/en/board-activities-and-meetings/mater...
A look on Google or Wikipedia would also clear that up faster than I can type this response https://en.wikipedia.org/wiki/.internal
Not OP, but accessibility tools on mac put other desktop OSes to shame.
https://store.steampowered.com/hwsurvey/
Also, the 16% “unknown” in the graph you linked to implies huge error bars on macos vs linux!
Linux can run Windows native games because Valve has shoved millions and millions into perfecting Proton.
And I still wonder why Apple hasn't just dumped a billion on Valve's door to build a similar tool for macOS.
That position still fits your scenario, where if they're not actually caring enough to read it then you don't need to care enough to write it, but for something like this targeted at a technical audience it's a higher bar.
Also of course the accuracy of the writing is relevant in both cases, which is something LLMs are absolutely worse than humans at, as noted in some of the comments here this article had the LLM hallucinate the existence of macOS 25 which is a mistake no human would have made while writing such an article entirely by hand.
I was unable to resolve it and ended up reinstalling.
Edit: I can only find 3rd party resources. The only first party is for older macbooks (intel based)
I'm not sure how Apple acolytes can say this stuff seriously what with the deluge of complaints and completely broken features and terrible UI their own kind have been posting about it recently. You can't accept that Apple could possibly do wrong?
I don't really understand your philosophy if you're opposed to an LLM pointing out when someone got the tense wrong.
Apple really is leaving everyone else years behind in making hardware. Yet they’ve never done what I would consider obvious geek-friendly things to MacOS. I’m sad about it too, and I wish the OS were better.
Remind me which OS we were talking about again? Because it sounds like all of them. OS usage as a team sport is just dumb.
It seemed like you could just play games with it, but that Apple didn't want you using it that way.
They’re both forks of wine ( https://www.winehq.org ) - the game porting toolkit's main addition is that it'll also convert Vulkan shaders to Metal.
Setup is more of a hassle because it's not integrated into Steam, or into the OS as a handler for .exe files, etc. But you can install the Windows version of Steam using the game porting toolkit, and then download & launch windows games from there.
I suspect the main reason they don't want to pitch this as an end-user feature is that it’s dependent on their x86->ARM translation layer, which they probably want to ditch in a few years. But it’s there for now!
The reason why I don't upstream is because.. it's AI and half the changes are very opinionated. However, my enjoyment and productivity went up a lot. My KDE is closer to hyprland than anything and I love it.
I for sure see the appeal. Even if macOS desktop were open source, though, I doubt I'd do much about my complaints. For my use cases, I don't want to turn OS maintenance into a hobby, and whatever complaints I might have aren't big enough to go to the trouble to begin with.
Bespoke user land does have its temptations, though. Maybe I'll finally get off my butt and load up a distro on that old 2012 MBP that doesn't get macOS updates anymore.
By the way autocorrect on the iphone got worse recently, bunch of times it "corrected" the word to a wrong one for me