Comment 95 for bug 1754671

> For example, if you have a full-tunnel VPN with search domain
> 'example.com' and a local connection with search domain 'local.com',
> the following entries would be added to dnsmasq:

Please let's not talk about search domains. Those are completely different things, not related to what we're talking about here.

Search domains are purely a way to enable users to be lazy. I can type 'intranet" into my browser and it gets autocompleted to "intranet.company.com", for example.

They (should) have *nothing* to do with the choice of which DNS lookups get sent out on which connection. (Apart from the fact that we're doing this horrid thing with mixing them all together and prefixing one with ~, which is a technical detail.)

A full-tunnel VPN should end up with a *LOOKUP* domain of "" or "*" or "." or however you want to represent the default (currently there's no way for me to specify that even manually to work around this issue, I think).

I think that implementing the "~." support as suggested in comment 24 and then making full-tunnel VPNs automatically add that, would go a long way to dealing with this problem.

I'm not sure I understand the benefit of adding 'dns.default-priority' too. Is that *purely* a special case of ipvx.dns-priority, except for the "~." lookup domain alone? Does it need special-casing? Can't *all* the lookup domains of a given connection have the same priority, whether they're "~." or "~company.com." ?