Comment 6 for bug 1520771

my work-around until this is fixed (dnsmasq DNS should be reset before settings VPN tunnel DNS) is to reset the dns of the vpn connection

we can only do that via dbus because dnsmasq do not expose it's configuration; we use a netwrok dispatcher script too, so:

in /etc/NetworkManager/dispatcher.d/99resetvpndns
#!/bin/sh

interface=$1
status=$2

case $status in
    vpn-up)
 # because dnsmasq keep DNS LAN and leak our DNS, reset DNS servers to PIA ones
 dbus-send --system --dest=org.freedesktop.NetworkManager.dnsmasq --type=method_call /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetServers
 dbus-send --system --dest=org.freedesktop.NetworkManager.dnsmasq --type=method_call /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetServers uint32:3520991966
 dbus-send --system --dest=org.freedesktop.NetworkManager.dnsmasq --type=method_call /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetServers uint32:3520991962
    ;;
    vpn-down)
    ;;
esac

and make the script executable

the uint32 are the DNS of your VPN converted to integer, use for example to do that http://www.aboutmyip.com/AboutMyXApp/IP2Integer.jsp