Comment 121 for bug 1624317

TL;DR

I think the easiest solution would be to allow "." to be parsed as a valid domain name under the dns-search label when it is sent to nm-systemd-resolved.c . That would effectively allow us to choose to use the routing-only domain, thereby solving any problems with DNS leaks over network-manager-openvpn.