Comment 92 for bug 1211110

Hashem Nasarat (hnasarat) wrote :

Here's how you fix the issue:

This is a bug that's fixed in upstream NetworkManager. That said, the various GUI tools which write the NetworkManager config files haven't been updated to ensure that DNS leaks are prevented when using VPN connections.

To prevent system DNS from appearing and being used in /etc/resolv.conf when using a VPN, edit your VPN configuration (i.e. the file in /etc/NetworkManager/system-connections/<vpn name>) so it's something like this:

[ipv4]
dns=<vpn dns server ip address>;
ignore-auto-dns=true
method=auto
dns-priority=-1

The negative dns-priority means only this DNS server will be used.
Then reload the config file:
sudo nmcli c reload <vpn name>

and toggle the VPN.

/etc/resolv.conf should now only include the one DNS IP address defined in the config file.

References:
https://developer.gnome.org/NetworkManager/stable/settings-ipv4.html
https://bugzilla.gnome.org/show_bug.cgi?id=758772
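
A check for the settings described in the comment above, as an added example that is not part of the original comment or of NetworkManager: it parses a connection keyfile's [ipv4] section for the three leak-relevant keys and lists any resolv.conf nameserver that is not one of the VPN's DNS servers. The function names, the sample keyfile and the addresses are constructed for illustration.

```python
import configparser

# Constructed sample data; function names and addresses are this example's own.
SAMPLE_KEYFILE = """\
[connection]
id=example-vpn
type=vpn

[ipv4]
dns=10.8.0.1;
ignore-auto-dns=true
method=auto
dns-priority=-1
"""
LEAKY_RESOLV = "nameserver 10.8.0.1\nnameserver 192.168.1.1\n"
CLEAN_RESOLV = "# Generated by NetworkManager\nnameserver 10.8.0.1\n"

def check_keyfile(text):
    """Return (vpn_dns_servers, problems) for the [ipv4] section of a keyfile."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    if not cp.has_section("ipv4"):
        return [], ["no [ipv4] section"]
    ipv4 = cp["ipv4"]
    problems = []
    # dns= is a ';'-separated list; a trailing ';' leaves an empty item to drop.
    servers = [s.strip() for s in ipv4.get("dns", "").split(";") if s.strip()]
    if not servers:
        problems.append("no dns= server set")
    if ipv4.get("ignore-auto-dns", "false").strip().lower() != "true":
        problems.append("ignore-auto-dns is not true")
    try:
        priority = int(ipv4.get("dns-priority", "0"))
    except ValueError:
        priority = 0  # unparsable value: treat as the unset default
    if priority >= 0:
        problems.append("dns-priority is not negative")
    return servers, problems

def leaked_nameservers(resolv_text, vpn_dns):
    """Return nameservers in resolv.conf text that are not the VPN's DNS servers."""
    found = []
    for line in resolv_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            found.append(parts[1])
    return [ns for ns in found if ns not in vpn_dns]
```

To use it on a real system, pass the contents of the file in /etc/NetworkManager/system-connections/<vpn name> to check_keyfile and the contents of /etc/resolv.conf (read while the VPN is up) to leaked_nameservers.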