
OS/X "etc/resolver/dev" isn't working – why not?

I expect to be able to resolve the DNS name www.foobar.dev using a DNS server that's running in a VM on my OS/X (High Sierra) system because I have created an /etc/resolver/dev file containing the following one line: (specifying the VM's virtual address)

nameserver ww.xx.yy.zz

... but dig www.foobar.dev continues to consult the Internet nameserver,

while dig @ww.xx.yy.zz www.foobar.dev successfully retrieves the entry from the VM's DNS.

I've used the dscacheutil command to be sure that an errant entry is not in the DNS resolver cache.

So, why isn't the presence of an /etc/resolver/dev file with the specified contents sufficient to direct "anything.dev" to the specified DNS server?

Interestingly – sometimes it seems to work. Also, the command scutil --dns produces the following expected entry, which seems to indicate that the /etc/resolver/dev file is being detected!

resolver #8
  domain   : dev
  nameserver[0] : ww.xx.yy.zz
  flags    : Request A records
  reach    : 0x00020002 (Reachable,Directly Reachable Address)
Mike Robinson asked Jun 18 '18 16:06


1 Answer

It's probably working fine, you're just testing it wrong. dig (and host and nslookup) don't use the system resolver, nor do they fully implement the system resolver's lookup policy. As a result, they're useful for testing the DNS system itself, but not for testing how the OS uses DNS. The official way to test the system resolver is dscacheutil (e.g. dscacheutil -q host -a name www.foobar.dev), but that's annoyingly verbose, so I tend to just use ping and look at the IP it reports.

Gordon Davisson answered Oct 17 '22 03:10
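
To check which scutil --dns entry the system resolver would apply to a name (as opposed to what dig asks), the sketch below parses that output and matches the name against each entry's domain. It is an added example, not part of the question or the answer; the longest-suffix selection and the "first entry without a domain is the default" rule are assumptions, and the sample addresses are constructed placeholders.

```python
import re
import sys

# Constructed sample shaped like `scutil --dns` output; the addresses are
# documentation-range placeholders, not values from the question.
SAMPLE = """\
resolver #1
  nameserver[0] : 192.0.2.1
  flags    : Request A records

resolver #8
  domain   : dev
  nameserver[0] : 198.51.100.7
  flags    : Request A records
  reach    : 0x00020002 (Reachable,Directly Reachable Address)
"""

def parse_resolvers(text):
    """Return one dict per 'resolver #N' block of the unscoped section."""
    resolvers = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("DNS configuration (for scoped queries)"):
            break  # per-interface entries repeat the resolver numbers
        m = re.fullmatch(r"resolver #(\d+)", line)
        if m:
            resolvers.append({"id": int(m.group(1)), "domain": None, "nameservers": []})
        elif resolvers and ":" in line:
            # Split on the first colon only so IPv6 nameservers stay intact.
            key, value = (part.strip() for part in line.split(":", 1))
            if key == "domain":
                resolvers[-1]["domain"] = value.lower().rstrip(".")
            elif key.startswith("nameserver["):
                resolvers[-1]["nameservers"].append(value)
    return resolvers

def resolver_for(hostname, resolvers):
    """Pick the entry with the longest matching domain suffix (assumed policy),
    else the first entry without a domain, treated here as the default."""
    name = "." + hostname.lower().rstrip(".")
    matches = [r for r in resolvers if r["domain"] and name.endswith("." + r["domain"])]
    if matches:
        return max(matches, key=lambda r: r["domain"].count("."))
    return next((r for r in resolvers if not r["domain"]), None)

if __name__ == "__main__":
    # Usage on macOS: scutil --dns | python3 which_resolver.py www.foobar.dev
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    host = sys.argv[1] if len(sys.argv) > 1 else "www.foobar.dev"
    print(host, "->", resolver_for(host, parse_resolvers(text)))
```

If the entry it reports differs from the address ping or dscacheutil returns, the per-domain resolver file is not the one being consulted for that name.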