I wonder if the issue has anything to do with the fact that the VPN creates a new network link that disappears when the VPN goes down - note that the purestorage.com domains are listed for tun0 when the VPN is up. When I turn off the VPN, tun0 disappears but the purestorage.com domains stay in the Global part of the status output:
$ systemd-resolve --status Global DNS Domain: home.digitalvampire.org purestorage.com dev.purestorage.com DNSSEC NTA: 10.in-addr.arpa 16.172.in-addr.arpa 168.192.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.172.in-addr.arpa 25.172.in-addr.arpa 26.172.in-addr.arpa 27.172.in-addr.arpa 28.172.in-addr.arpa 29.172.in-addr.arpa 30.172.in-addr.arpa 31.172.in-addr.arpa corp d.f.ip6.arpa home internal intranet lan local private test Link 17 (tun0) Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6 LLMNR setting: yes MulticastDNS setting: no DNSSEC setting: no DNSSEC supported: no DNS Servers: 10.231.255.252 10.230.255.252 DNS Domain: purestorage.com\032dev.purestorage.com purestorage.com dev.purestorage.com Link 3 (wlp4s0) Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6 LLMNR setting: yes MulticastDNS setting: no DNSSEC setting: no DNSSEC supported: no DNS Servers: 2001:470:1f05:221::1 10.1.0.1 DNS Domain: home.digitalvampire.org Link 2 (enp0s31f6) Current Scopes: none LLMNR setting: yes MulticastDNS setting: no DNSSEC setting: no DNSSEC supported: no -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1717995 Title: extra domains not removed from resolv.conf when VPN disconnects To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1717995/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs