I ran into an interesting (and frustrating) networking quirk recently that I thought was worth sharing.
If you’re running Split DNS at home—where a subdomain resolves to your WAN IP externally but your router maps it to a different internal LAN IP when you’re inside the network—you might expect things to “just work.” And usually, they do.
But on macOS, if you have iCloud’s “Private Relay” feature enabled, all of your web browsers may fail to resolve that subdomain to the local LAN address. Instead, they try to go out to the WAN IP, breaking your internal routing.
What makes this tricky is that the behavior doesn’t show up in basic tests. Using tools like nslookup or ping in Terminal still returns the correct local IP. Yet in Safari, Chrome, and Brave, the same domain wouldn’t connect to my internal server. The culprit? iCloud Private Relay.
I had assumed that Private Relay would only affect Safari traffic, but it actually interfered with DNS resolution across the system for all browsers. Once I disabled it, everything immediately started working the way it was supposed to.
So, if you’re running Split DNS at home and notice that your browsers refuse to resolve local resources—even though command‑line tools work fine—check whether iCloud Private Relay is enabled. Turning it off solved the problem for me.
Hopefully this tip saves someone else a few hours of head‑scratching.
