Comment 93 for bug 1754671

In , Bgalvani (bgalvani) wrote:

What is currently missing in my opinion is a flexible way to decide
which connections are used for default DNS queries (those not matching
any lookup domain).

A possible way to do this is to choose connections that have the
highest value of a new 'dns.default-priority' property. Since we want
to have default values that work for most users, the default value of
the property would be 'auto' (0), which means:

 * 1000 for full-tunnel VPNs
 * 500 for non-VPN connections
 * -1 for split-tunnel VPNs. -1 means that the connection is never
   used for default DNS lookups

For example, if you have a full-tunnel VPN with search domain
'example.com' and a local connection with search domain 'local.com',
the following entries would be added to dnsmasq:

/example.com/VPN-nameserver
/local.com/local-nameserver
VPN-nameserver # default

But if the VPN is split-tunnel (doesn't get the default route):

/example.com/VPN-nameserver
/local.com/local-nameserver
local-nameserver # default

If you want all queries to go through the full-tunnel VPN with no
exceptions, also set ipvx.dns-priority to -1 for the VPN and dnsmasq
will be configured with:

/example.com/VPN-nameserver
VPN-nameserver # default

BTW, for ipvx.dns-priority we consider lower values to have higher
priority, while for dns.default-priority it's the other way around. I
believe doing ipvx.dns-priority that way was a mistake because it is
counterintuitive.

Users can also set a custom value for dns.default-priority to tweak the
configuration to their needs.

What do you think? Any other ideas?
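
The selection rule proposed in the comment above, modelled as an added example (not code from the comment's author or from NetworkManager). The Conn class, its field names and dnsmasq_entries() are hypothetical; the exclusion effect of a negative ipvx.dns-priority follows NetworkManager's documented behaviour and is an assumption here.

```python
from dataclasses import dataclass

AUTO = 0  # 'auto' value of the proposed dns.default-priority property

@dataclass
class Conn:  # hypothetical model of one active connection
    nameserver: str
    domain: str
    is_vpn: bool = False
    has_default_route: bool = True  # False for a split-tunnel VPN
    dns_priority: int = 0           # ipvx.dns-priority: lower value wins
    default_priority: int = AUTO    # proposed property: higher value wins

def effective_default_priority(c):
    """Resolve 'auto' to the values listed in the comment."""
    if c.default_priority != AUTO:
        return c.default_priority
    if not c.is_vpn:
        return 500
    return 1000 if c.has_default_route else -1

def dnsmasq_entries(conns):
    """Return entries in the comment's notation, in input order."""
    # Assumption: a negative ipvx.dns-priority excludes every connection
    # that has a greater value, so only the lowest ones remain.
    lowest = min(c.dns_priority for c in conns)
    if lowest < 0:
        conns = [c for c in conns if c.dns_priority == lowest]
    entries = [f"/{c.domain}/{c.nameserver}" for c in conns]
    # -1 means the connection is never used for default DNS lookups.
    ranked = [(effective_default_priority(c), c) for c in conns]
    ranked = [(p, c) for p, c in ranked if p != -1]
    if ranked:
        best = max(p for p, _ in ranked)
        entries += [f"{c.nameserver} # default" for p, c in ranked if p == best]
    return entries

if __name__ == "__main__":
    # Constructed sample connections matching the comment's three scenarios.
    local = Conn("local-nameserver", "local.com")
    full = Conn("VPN-nameserver", "example.com", is_vpn=True)
    split = Conn("VPN-nameserver", "example.com", is_vpn=True,
                 has_default_route=False)
    strict = Conn("VPN-nameserver", "example.com", is_vpn=True, dns_priority=-1)
    for vpn in (full, split, strict):
        print("\n".join(dnsmasq_entries([vpn, local])), end="\n\n")
```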