I assume there is "systemd-resolved is running, so using resolvconf: /run/systemd/resolve/resolv.conf" in the deamon logs, or I don't understand what is going on at all.
I think there is a docker bug upstream here: if it sees a systemd-resolved process and /run/systemd/resolve/resolv.conf exists, it assumes systemd-resolved and copies /run/systemd/resolve/resolv.conf into the container. But it doesn't check that /etc/resolv.conf is a symlink to ../run/systemd/resolve/stub-resolv.conf, which is probably should.
Although... reading your report again, I wanted to check, when you activate the VPN does the /etc/resolv.conf symlink get replaced with a regular file? Or does the VPN software mutate /run/systemd/resolve/stub-resolv.conf? Because if it's the latter I'm not sure what docker can really do.
I assume there is "systemd-resolved is running, so using resolvconf: /run/systemd/ resolve/ resolv. conf" in the deamon logs, or I don't understand what is going on at all.
I think there is a docker bug upstream here: if it sees a systemd-resolved process and /run/systemd/ resolve/ resolv. conf exists, it assumes systemd-resolved and copies /run/systemd/ resolve/ resolv. conf into the container. But it doesn't check that /etc/resolv.conf is a symlink to ../run/ systemd/ resolve/ stub-resolv. conf, which is probably should.
Although... reading your report again, I wanted to check, when you activate the VPN does the /etc/resolv.conf symlink get replaced with a regular file? Or does the VPN software mutate /run/systemd/ resolve/ stub-resolv. conf? Because if it's the latter I'm not sure what docker can really do.