macOS Tahoe: DNSServiceBrowse returns kDNSServiceErr_NoAuth (-65555) only for meta-queries (_services._dns-sd._udp)

Hello,

I am experiencing a specific authorization error on macOS Tahoe when trying to discover all available service types on the local network. While the implementation works perfectly on iOS and macOS Sonoma, it fails on Tahoe with a specific error code.

The Issue

When calling DNSServiceBrowse with the meta-query string _services._dns-sd._udp, the function immediately returns kDNSServiceErr_NoAuth (-65555).

// This call fails on macOS Tahoe
DNSServiceErrorType err = DNSServiceBrowse(
    &ref, 
    0, 
    kDNSServiceInterfaceIndexAny,
    "_services._dns-sd._udp", // Meta-query for all services
    domc, 
    probe_browse_reply,
    (__bridge void *)self
);

Important Findings & Observations

• Specific Services Work: If I change the service type to a specific one (e.g., _http._tcp or _ssh._tcp) using NWBrowser, it works correctly and returns results. The error only occurs when browsing for _services._dns-sd._udp using DNSServiceBrowse.

• Local Network Permission: I have confirmed that the Local Network toggle is ON for my app in System Settings > Privacy & Security > Local Network.

• Entitlements: My app has the com.apple.developer.networking.multicast entitlement.

• Info.plist: Both NSLocalNetworkUsageDescription and NSBonjourServices (including _services._dns-sd._udp) are properly configured.

• Sandbox: The issue persists regardless of whether the App Sandbox is enabled (with incoming/outgoing connections) or disabled.

Environment

Not Working OS: macOS Tahoe 26

Working OS: macOS Sonoma, iOS 26

Question

It seems macOS Tahoe has introduced a stricter policy regarding Network Reconnaissance or meta-service browsing.

Is there a new requirement or a specific entitlement needed in macOS Tahoe to browse for _services._dns-sd._udp?

Any guidance on how to restore this functionality for network utility apps on macOS Tahoe would be greatly appreciated.

Best regards.