Please provide any extra information you can to reproduce and debug this issue. I can't reproduce it. If both IPv4 and IPv6 are set to not take the default route, things are behaving correctly here; just like the DNS settings are correctly configured when no split-tunnelling is in use at all.
Also note that this will not work if dns=dnsmasq isn't set; this is important as some versions of NetworkManager have disabled that feature. >From my logs; calling on to kill -USR1 dnsmasq before doing any tests (5 sent to local (192.168.0.1), 0 to the VPN (10.x.x.1) DNS): ug 19 14:04:30 demeter NetworkManager[2922]: <debug> [1471629870.6888] dnsmasq[0x5580dd157040]: dnsmasq update successful Aug 19 14:05:16 demeter dnsmasq[5238]: horodatage 1471629916 Aug 19 14:05:16 demeter dnsmasq[5238]: taille de cache 0, 0/0 insertions dans le cache entrées non-expirées réutilisées Aug 19 14:05:16 demeter dnsmasq[5238]: requêtes transmises 40322, requêtes résolues localement 448 Aug 19 14:05:16 demeter dnsmasq[5238]: queries for authoritative zones 0 Aug 19 14:05:16 demeter dnsmasq[5238]: serveur 192.168.0.1#53: requêtes envoyées 5, requêtes réessayées ou échouées 0 Aug 19 14:05:16 demeter dnsmasq[5238]: serveur 10.x.x.1#53: requêtes envoyées 0, requêtes réessayées ou échouées 0 Aug 19 14:05:49 demeter dnsmasq[5238]: horodatage 1471629949 Aug 19 14:05:49 demeter dnsmasq[5238]: taille de cache 0, 0/0 insertions dans le cache entrées non-expirées réutilisées Aug 19 14:05:49 demeter dnsmasq[5238]: requêtes transmises 40324, requêtes résolues localement 448 Aug 19 14:05:49 demeter dnsmasq[5238]: queries for authoritative zones 0 Aug 19 14:05:49 demeter dnsmasq[5238]: serveur 192.168.0.1#53: requêtes envoyées 7, requêtes réessayées ou échouées 0 Aug 19 14:05:49 demeter dnsmasq[5238]: serveur 10.x.x.1#53: requêtes envoyées 0, requêtes réessayées ou échouées 0 Aug 19 14:06:06 demeter dnsmasq[5238]: horodatage 1471629966 Aug 19 14:06:06 demeter dnsmasq[5238]: taille de cache 0, 0/0 insertions dans le cache entrées non-expirées réutilisées Aug 19 14:06:06 demeter dnsmasq[5238]: requêtes transmises 40325, requêtes résolues localement 448 Aug 19 14:06:06 demeter dnsmasq[5238]: queries for authoritative zones 0 Aug 19 14:06:06 demeter dnsmasq[5238]: serveur 192.168.0.1#53: requêtes envoyées 7, requêtes réessayées ou échouées 0 Aug 19 14:06:06 demeter dnsmasq[5238]: serveur 10.x.x.1#53: requêtes envoyées 1, requêtes réessayées ou échouées 0 Followed by tries to resolve www.google.com (local), www.canonical.com (local), at which point you reached 7/0; then lcy01.buildd (intended for the VPN), which brings the status up to 7/1. The only one that went to the VPN was the request for lcy01.buildd; and it was rejected NXDOMAIN (and didn't go to the local DNS at all). Everything happened as intended. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1603898 Title: DNS resolution fails when using VPN and routing all traffic over it To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1603898/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs