I don't think this should be considered a 'feature request'. If you have a full-tunnel VPN, your employer will *expect* all your network traffic to go via the VPN as if you were dialled directly into the corporate network. Allowing some of the DNS traffic to "escape" to be seen by potentially malicious local DNS servers is utterly wrong.
In particular I don't agree this is a 'feature request' for 16.04 because it *used* to work there. You fixed it once with this patch: http://bazaar.launchpad.net/~network-manager/network-manager/ubuntu/view/head:/debian/patches/Filter-DNS-servers-to-add-to-dnsmasq-based-on-availa.patch That patch got dropped in an update, so this isn't just a security problem but also a regression in 16.04. cf. https://bugzilla.gnome.org/show_bug.cgi?id=746422 https://bugzilla.redhat.com/show_bug.cgi?id=1553634 ** Bug watch added: GNOME Bug Tracker #746422 https://bugzilla.gnome.org/show_bug.cgi?id=746422 ** Bug watch added: Red Hat Bugzilla #1553634 https://bugzilla.redhat.com/show_bug.cgi?id=1553634 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/666446 Title: NetworkManager VPN should offer an option to use *only* VPN nameservers To manage notifications about this bug go to: https://bugs.launchpad.net/network-manager/+bug/666446/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
