DNS resolution fails for internal .local domains over VPN (NS_UNKNOWN_HOST)

[tomas-s]

Description

Zen Browser is unable to resolve internal .local domains provided via VPN DNS and returns NS_UNKNOWN_HOST, even though DNS resolution works correctly at the OS level and in Firefox on the same system.

This makes Zen unusable in corporate VPN environments with internal DNS.

Environment

Zen Browser version: 1.17.15b
Operating System: MAC OS Tahoe - 26.2
VPN client: Endpoint Security VPN

Example affected domain:
stash.company-name.local - internal domain behind the vpn

Steps to Reproduce

Connect to corporate VPN
Open Zen Browser
Navigate to: https://stash.company-name.local
Observe DNS resolution failure: NS_UNKNOWN_HOST
Using Firefox browser with the same configuration everything works well.

Expected Behavior
Zen Browser should use system/VPN-provided DNS resolvers and successfully resolve internal domains (same behavior as Firefox).

Actual Behavior
Zen Browser returns:
NS_UNKNOWN_HOST
Diagnostics
DNS works correctly outside the browser: nslookup stash.company-name.local → 10.0.122.14

Accessing the service via IP works page is loaded: https://10.0.122.14
(certificate warning is expected due to hostname mismatch)

about:networking#dns shows:
Internal DNS suffixes:

• app.company-name.com
• corp.company-name.com
• rnd.local
• company-name.local

DNS over HTTPS: OFF
DOH Mode: 0
DoH endpoint still configured:
https://mozilla.cloudflare-dns.com/dns-query

Confirmed Workaround

Adding a static entry to /etc/hosts resolves the issue immediately:
10.0.122.14 stash.company-name.local

This confirms that:
The network connection is functional
Zen Browser is not correctly using system/VPN DNS resolvers
The issue is specific to Zen’s DNS resolution layer

Conclusion

Zen Browser appears to:

• Ignore or incorrectly handle VPN-provided DNS
• Fail to resolve internal .local domains
• This behavior differs from Firefox and is a blocker for corporate/VPN usage.

Zen browser DNS settings: