I experienced similar problems, for example with adding an extra USB wifi dongle.
First I disabled dnsmasq in NetworkManager as described above, and I stopped dnsmasq (service dnsmasq stop).
I noticed that when resolving broke while my VPN was connecting, the routing table looked slightly different (output of the route command).
The name of the Gateway is DD-WRT in the case it does not work and simply 'gateway' when it does work.
The output of this did not change:
nmcli device show wlp1s0 | grep IP4.DNS
It kept showing my router IP.
A workaround to get it to work for a while is to restart systemd-resolved:
sudo service systemd-resolved restart
Since dnsmasq is out of the equation, it is either systemd-resolved that is the cause of the issue, or anything changing the routing table.
So this is the only difference I see:
ubuntu@ubuntu-Lenovo-Yoga-2-11:~$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default gateway 0.0.0.0 UG 601 0 0
which works.
And this when it does NOT work:
ubuntu@ubuntu-Lenovo-Yoga-2-11:~$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default DD-WRT 0.0.0.0 UG 601 0 0 wlp1s0
And the same name difference on the VPN line:
vpn-dns.name gateway 255.255.255.255 UGH 0 0 0 wlp1s0
Who knows what may influence the routing table?
It would be great if we can identify this so a bug report can be filed.
I am getting seriously sick and tired of pursuing all these bugs, but I would like to get them fixed so future users and us will be happy :).
[update]
It seems stopping systemd-resolved may fix this and not negatively impact other stuff. You can try that and let me know if it does break stuff.
I saw this when running systemd-resolved in debug mode when it broke:
Removing scope on link wlp1s0, protocol llmnr, family AF_INET
Removing scope on link wlp1s0, protocol llmnr, family AF_INET6
Removing scope on link *, protocol dns, family *
To disable:
sudo systemctl disable systemd-resolved.service
I updated the Ubuntu report with suggestions.
[/update]
Note: the bug report
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1624317
has a patch for 17.04 for some issues.
Please check the bug report and if possible test the patch. Thank you!
[update]
Please check the above-mentioned bug report. The issue seems to be resolved for 17.10, and with a simple command DNS leakage can be disabled too.
[/update]
I've found a solution.
First, disable systemd-resolved:
sudo systemctl disable systemd-resolved.service
sudo systemctl stop systemd-resolved
Remove the symlink for resolv.conf and create a file:
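# /etc/resolv.conf is a symlink here; replace it with a regular file (needs root)
sudo rm -f /etc/resolv.conf
sudo touch /etc/resolv.conf
# 644: readable by everyone, writable only by root (NetworkManager runs as root)
sudo chmod 644 /etc/resolv.conf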
Now change the configuration file for Network Manager to restore the expected result:
sudo vi /etc/NetworkManager/NetworkManager.conf
[main]
plugins=ifupdown,keyfile
# add this line
dns=default
and leave the rest of the file as is. Restart Network Manager:
sudo /etc/init.d/network-manager restart
and configure your preferred DNS servers. Done!
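A check for the end state of the steps above, as an added example that is not part of the original answer: it reports whether /etc/resolv.conf is still a symlink, whether it is world-writable (which would let any local user change the system's DNS servers), which nameservers it lists, and what dns= is set to in NetworkManager.conf. The function names, the ROOT prefix argument and the sample tree are assumptions made for the example.

```bash
#!/usr/bin/env bash
# check_resolver ROOT prints one finding per line. ROOT is a hypothetical
# prefix (empty = live system) so the check can run on a constructed tree.
check_resolver() {
    rc="${1:-}/etc/resolv.conf"
    nm="${1:-}/etc/NetworkManager/NetworkManager.conf"

    if [ -L "$rc" ]; then
        echo "SYMLINK $(readlink "$rc")"
    elif [ -f "$rc" ]; then
        echo "REGULAR_FILE"
    else
        echo "MISSING"
    fi

    if [ -f "$rc" ]; then
        # Mode bit 0002 set: any local user can rewrite the nameserver list.
        if [ -n "$(find -L "$rc" -prune -perm -0002)" ]; then
            echo "WORLD_WRITABLE"
        fi
        # 127.0.0.53 is the systemd-resolved stub listener.
        awk '$1 == "nameserver" {
                 tag = ($2 == "127.0.0.53") ? "STUB" : "NAMESERVER"
                 print tag, $2
             }' "$rc"
    fi

    if [ -f "$nm" ]; then
        awk -F= '{ gsub(/[ \t\r]/, "") }
                 /^\[/ { sect = $0 }
                 sect == "[main]" && $1 == "dns" { print "NM_DNS", $2; found = 1 }
                 END { if (!found) print "NM_DNS unset" }' "$nm"
    fi
    return 0
}

# Constructed sample tree: $1 = directory, $2 = mode for resolv.conf.
make_sample() {
    mkdir -p "$1/etc/NetworkManager"
    printf 'nameserver 192.0.2.1\n' > "$1/etc/resolv.conf"
    chmod "$2" "$1/etc/resolv.conf"
    printf '[main]\nplugins=ifupdown,keyfile\ndns=default\n' \
        > "$1/etc/NetworkManager/NetworkManager.conf"
}

tmp=$(mktemp -d)
make_sample "$tmp" a+rw   # world-writable: the case the check flags
check_resolver "$tmp"
rm -rf "$tmp"
```

Called with no argument, check_resolver inspects the live /etc.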
Best Answer
Looks like this is by design. Poettering closed the issue https://github.com/systemd/systemd/issues/2514 with a wont-fix.
systemd-resolved does not support simple names over DNS, only FQDN, and ignores the search directive.