nameserver 18.104.22.168 port 5353 timeout 1
So, if like me, your company used company.local for its internal DNS, you're royally screwed. No, adding the domain suffix to the domain search box in Preferences doesn't work.
Note: Please stop sending me e-mail on this, since they already know it's a mistake and use internal.company.com instead (if you bother to check the page history, it pre-dates February 2003, so this has already been discussed to death).
Nevertheless, the fact that the resolver will not let a manually-configured/DHCP-assigned DNS domain suffix take precedence over .local is, in my view, a mistake on Apple's part. This seens to have been fixed on Panther, but I have no reason to connect my Mac to the company network anymore (and even if I did, they changed the DNS layout and I cannot reproduce it).
The symptoms are as follows: doing an nslookup for "intranet.company.local" works, trying to browse to it or ping it fails with a lookup error. Wierd, huh? Took me a while to figure out that the resolver (lookupd) was at fault here.
Since I use a NAT/tunneling gateway at 192.168.0.1 to reach my company intranet (which has a DNS relay), I hacked /etc/resolver/local to read:
nameserver 192.168.0.1 port 53 timeout 1
And nudged lookupd with:
sudo kill -1 `cat /var/run/lookupd.pid`
Adding another file for "company.local" ought to work, but I couldn't get it to before 10.3. Nevertheless, this hint apparently works now.
I had spent quite some time poring over the lookupd manpage (which goes into great detail as to what exactly lookupd can query, NetInfo and file-based configurations, but does not tell you that .local actually means EVERYTHING to the left of .local).