Ok, I think I found the problem:
Looking at pcaps of DNS traffic:
System resolver asks for test.local. It stops there because there is a dot in the name.
Go asks for test.local, then asks for test.local + search domain (say test.local.example.com).
The difference is that the system resolver only adds the search domain if the domain does not contain a dot. The ndots setting of resolv.conf controls that (from man resolv.conf):
Resolver queries having fewer than ndots dots (default is 1) in them will be attempted using each component of the search path in turn until a match is found.
So the default only uses search domains if there is no dot in the name, while Go disregards that and queries search domains regardless of what is in the name.
And the reason it happens on my setup is because one of my predecessors added CNAME *.local.example.com -> local.example.com (for some goddamn reason...) and A local.example.com 127.0.0.1 which means when I tried to resolve any.name.dot.local it resolved to 127.0.0.1...
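
The two query sequences described in the comment above, as an added example that is not part of the original post or of Go's own code. `Candidates` and `WildcardHits` are hypothetical helper names; the `searchDotted` flag switches between the two behaviours seen in the pcaps, and the names and zone are the ones the post uses.

```go
package main

import (
	"fmt"
	"strings"
)

// Candidates returns, in order, the FQDNs queried for name given the
// resolv.conf search list and ndots value. searchDotted=false models the
// sequence the post saw from the system resolver (a name with >= ndots dots
// is only tried as-is); searchDotted=true models the sequence seen from Go.
func Candidates(name string, search []string, ndots int, searchDotted bool) []string {
	if strings.HasSuffix(name, ".") {
		return []string{name} // already rooted: never expanded
	}
	hasNdots := strings.Count(name, ".") >= ndots
	var out []string
	if hasNdots {
		out = append(out, name+".")
		if !searchDotted {
			return out
		}
	}
	for _, s := range search {
		out = append(out, name+"."+strings.TrimSuffix(s, ".")+".")
	}
	if !hasNdots {
		out = append(out, name+".") // short names: bare name is tried last
	}
	return out
}

// WildcardHits returns the candidates that a wildcard record "*.<zone>"
// would answer, i.e. names strictly below zone.
func WildcardHits(cands []string, zone string) []string {
	suffix := "." + strings.TrimSuffix(zone, ".") + "."
	var hits []string
	for _, c := range cands {
		if strings.HasSuffix(c, suffix) {
			hits = append(hits, c)
		}
	}
	return hits
}

func main() {
	search := []string{"example.com"} // search domain from the post
	for _, dotted := range []bool{false, true} {
		c := Candidates("any.name.dot.local", search, 1, dotted)
		fmt.Println(dotted, c, WildcardHits(c, "local.example.com"))
	}
}
```

Running `WildcardHits` over the search domains in a host's resolv.conf shows which internal-looking names a wildcard record in those zones would answer.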