Comment 37 for bug 1688018

I found another workaround, that works fine without changing package versions or DNS servers.
It is tested with the issues I had with openconnect for NM.

it is "just" killing the dnsmasq instance and it gets restarted automatically which then results in a working system again. It easy and not pretty, but works. Then only (perhaps) noticeable interruption is a few seconds where DNS is not working 15 seconds after the connection has been established:

$ cat /etc/NetworkManager/dispatcher.d/99-openconnect-dnsmasq-bug
#!/bin/bash
set -e
# force restart of dnsmasq on vpn connect

if [[ "$1" =~ "vpn" ]] && [ $2 = "up" ]
then
  if [ -e /var/run/NetworkManager/dnsmasq.pid ]
  then
    $( sleep 15 && /bin/kill -15 $(cat /var/run/NetworkManager/dnsmasq.pid) )
  fi
fi