Comment 31 for bug 1688018

Spencer Seidel (jsseidel) wrote :

I don't know if my issue is related to this or the few others I've seen, so I pre-apologize if this should be moved elsewhere or even if it's not relevant in this context. I'm far from an expert in DNS . . .

My experience was that after upgrading to 16.10 (or higher: it happens in 17.10, too, and I imagine it will in 18.04), DNS lookup for internal sites would fail when I was connected to an openconnect VPN.

In 16.04, my workaround was to comment out dnsmasq in NetworkManager.conf, but in 16.10, 17.04, and 18.04, this option no longer appeared. Also, I additionally had to comment out a reference to a local host in /etc/resolv.conf, which was added below the VPN-only nameservers, which in my case were sufficient. Recently, I tried Fedora 25 and was surprised to see the same issue -- this suggests it's not an Ubuntu-specific problem, unless Canonical is providing some libs that Fedora is using, I don't know.

I found this workaround for my particular case while again searching in a Fedora context for a workaround:

https://www.freedesktop.org/software/systemd/man/nss-resolve.html

TL;DR: I added "resolve [!UNAVAIL=return]" to the hosts line in /etc/nsswitch.conf right before any entry that has "dns" in it. This worked for me in Fedora and Ubuntu both. (Note that in the latest Arch release, this was not an issue for me.)

I'm hoping that this comment will prove helpful to anyone like me who might be searching in vain for a workaround.
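
The following is an added example, not part of the comment above and not code from the commenter or from systemd: a small checker that parses the hosts line of an nsswitch.conf and reports whether the workaround is in place. The function names and sample lines are constructed for illustration, and it assumes a literal reading of "any entry that has dns in it", so a service such as mdns4_minimal counts as well as plain dns.

```python
import re

ACTION = "[!UNAVAIL=return]"

def hosts_entries(nsswitch_text):
    """Return the hosts database as a list of (service, [actions]) pairs."""
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line.startswith("hosts:"):
            continue
        entries = []
        # Tokens are either service names or bracketed action lists.
        for tok in re.findall(r"\[[^\]]*\]|\S+", line[len("hosts:"):]):
            if tok.startswith("["):
                if entries:                      # action belongs to the service before it
                    entries[-1][1].append(tok.replace(" ", ""))
            else:
                entries.append((tok, []))
        return entries
    return []

def check_resolve_workaround(nsswitch_text):
    """Report 'ok', or why the hosts line does not match the workaround."""
    entries = hosts_entries(nsswitch_text)
    names = [service for service, _ in entries]
    if "resolve" not in names:
        return "missing: no resolve entry on the hosts line"
    pos = names.index("resolve")
    actions = [a.lower() for a in entries[pos][1]]
    if ACTION.lower() not in actions:
        return "incomplete: resolve is not followed by " + ACTION
    # Assumption: literal reading, any service name containing "dns" counts.
    early = [n for n in names[:pos] if "dns" in n]
    if early:
        return "misordered: %s precedes resolve" % ", ".join(early)
    return "ok"

# Constructed sample files, not copied from any real system.
BEFORE = "passwd: compat\nhosts: files mdns4_minimal [NOTFOUND=return] dns\n"
AFTER = "hosts: files resolve [!UNAVAIL=return] mdns4_minimal [NOTFOUND=return] dns\n"
MISORDERED = "hosts: files dns resolve [!UNAVAIL=return]\n"

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER), ("misordered", MISORDERED)):
        print(label, "->", check_resolve_workaround(text))
```

To check a real system, pass the contents of /etc/nsswitch.conf to check_resolve_workaround().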