In 16.04 the NetworkManager package used to carry this patch: http://bazaar.launchpad.net/~network-manager/network-manager/ubuntu/view/head:/debian/patches/Filter-DNS-servers-to-add-to-dnsmasq-based-on-availa.patch
It fixed the DNS setup so that when I'm on the VPN, I am not sending unencrypted DNS queries to the (potentially hostile) local nameservers.
This patch disappeared in an update. I think it was present in 1.2.2-0ubuntu0.16.04.4 but was dropped some time later.
This security bug exists upstream too: https://bugzilla.gnome.org/show_bug.cgi?id=746422 It's not a *regression* there though, as they didn't fix it yet (unfortunately!)
In 16.04 the NetworkManager package used to carry this patch: bazaar. launchpad. net/~network- manager/ network- manager/ ubuntu/ view/head: /debian/ patches/ Filter- DNS-servers- to-add- to-dnsmasq- based-on- availa. patch
http://
It fixed the DNS setup so that when I'm on the VPN, I am not sending unencrypted DNS queries to the (potentially hostile) local nameservers.
This patch disappeared in an update. I think it was present in 1.2.2-0ubuntu0. 16.04.4 but was dropped some time later.
This security bug exists upstream too: https:/ /bugzilla. gnome.org/ show_bug. cgi?id= 746422
It's not a *regression* there though, as they didn't fix it yet (unfortunately!)