Comment 12 for bug 1685391

Thanks Simon and Gamma for the extra insights!

I don't want to get into politics behind all that but this case appears to be point #8 on this list https://lists.dns-oarc.net/pipermail/dns-operations/2016-June/014964.html

There is this for domain limited networks https://github.com/systemd/systemd/commit/b9fe94cad99968a58e169592d999306fd059eb14 but our case here is about generally not asking "everybody" when dialing up a VPN for privacy.

@Gamma
It should be good to confirm that further by checking the status of it.
$ systemd-resolve --status
I'd expect in your case that this reports two links (local net + vpn) with dns servers each.

You might also test and verify the theory that systemd-resolved's behaviour is the root cause here by switching back to dnsmasq for a try:
https://askubuntu.com/a/899338/532139
If you happen to do so ensuring with a new pcap file would be great.

Once confirmed I thought that we add a bug task for systemd then, but I found a lot of already filed issues around all of this and I think it would be a dup to bug 1624317 then.
There are some suggested workarounds/configs in there as well that you could try for now.