This is actually trying *too* hard to prevent DNS leaks, breaking normal expected use of split DNS. Let systemd-resolved handle sending our DNS queries to the right place instead.

It's true that NetworkManager is trying to emulate the behavior of wg-quick here, and wg-quick uses 'resolvconf -x' to attempt to set "exclusive" DNS. But with systemd-resolved this is implemented by setting a ~. routing domain for the WireGuard interface. That is a *really* big hammer already, since Domain=~. overrides +DefaultRoute, ensuring most DNS queries can only go to other interfaces with Domain=~. NetworkManager follows systemd-resolved's recommended convention by only applying Domain=~. to other "privacy VPNs" since 1.26.6.

Setting DNS priority only prevents *domain-specific* "leaks", which are almost always desired. For example, it prevents using both the WireGuard VPN and a corporate VPN at the same time.

Note that all of the justification behind !688 applies here as well.

See-also: !688 #585 !901