Comment 41 for bug 1639776

It sounds like a different bug to me, if changing networkmanager fixes it without changing dnsmasq. I would file a new Launchpad bug with all the details you can provide. You can add a comment to this issue with a link.

In particular, please specify:
* If you're using IPv4 vs. IPv6
* If you have checked or unchecked the "Use this connection only for resources on its network"
* If you have this checked, try unchecking it and see if that makes a difference
* When you say "DNS lookups" please be clear about whether the hostnames being looked up are public (e.g., www.google.com or whatever), on your local LAN, or in the network accessed via the VPN. Does it make a difference which one you choose?
* Are you using fully-qualified hostnames, or relying on the DNS domain search path? Does it make a difference if you do it differently?

FYI, if you choose "Use this connection only for resources on its network" then different DNS lookups going to different servers is expected: the decision is made based on the DNS domain name; lookups for hosts with domains that are served via the VPN (as determined by information obtained from the DHCP response when you got an IP address over the VPN) will be sent to DNS servers in the VPN (again, based on DHCP). Lookups for hosts with domains that are not registered by the VPN will not be sent to the VPN's DNS server.

I assume (but have not tried) that if you don't check that box then all DNS lookups would go to the VPN DNS servers. However, this does mean that no local LAN hostnames can be resolved since your local DNS server will not be consulted. It also means if you have multiple VPN connections going, only one of them will have DNS available.

If you either use fully-qualified hostnames, and/or you ensure that the VPN's DNS domains come first in the search path, then I don't think there should be a security issue (unless you don't trust your normal DNS server, but that's an entirely different situation).