NetworkManager should use dnsmasq's --servers-file=<file> option
dnsmasq has the following argument:
For a "split DNS" configuration using NetworkManager-openconnect (where internal/VPN'd addresses are resolved using the VPN's DNS and external addresses are resolved using the external DNS), NetworkManager could write out a file on network status change suitable for dnsmasq's --servers-file argument.
For example, a poor man's solution can be done today with /etc/NetworkManager/dnsmasq.d/vpn-dns configuration file containing:
server=/example.com/42.42.42.42
server=/vpn.example.com/#
where 42.42.42.42 is the internal VPN DNS.
But there are a couple of problems:
- You must know the IP address of the VPN DNS, and explicitly configure it here
- Publicly available example.com addresses are now no longer accessible when not VPN'd, which necessitates the vpn.example.com rule to always make it resolvable... otherwise no VPN
But NetworkManager has all the information to write out this file itself (say, on VPN connect or disconnect) and doing so would avoid both of these problems, thereby making this "split DNS" configuration much more usable.
Thanks!
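
A sketch of the behaviour requested above, written as a NetworkManager dispatcher script; this is an added example, not code from NetworkManager or from the original report. It assumes dnsmasq is started with --servers-file pointing at the hypothetical path in SERVERS_FILE, and it treats the VPN-pushed DNS servers and domains as untrusted input before writing them into dnsmasq configuration.

```shell
#!/bin/sh
# Added example: NetworkManager dispatcher script (installed under
# /etc/NetworkManager/dispatcher.d/). NetworkManager calls it as:
#   <script> <interface> <action>
# Assumption: dnsmasq runs with --servers-file="$SERVERS_FILE";
# the path below is hypothetical.
SERVERS_FILE="${SERVERS_FILE:-/run/nm-vpn-servers.conf}"

set -f  # no globbing: a pushed value such as "*" must not expand to file names

# Print one "server=/domain/ip" line per (domain, nameserver) pair.
# Values pushed by the VPN are untrusted: anything that is not a plain
# IPv4 address or host name is skipped, so it cannot smuggle extra
# dnsmasq directives into the file.
render_servers() {
    nameservers=$1
    domains=$2
    for d in $domains; do
        case $d in ''|*[!A-Za-z0-9.-]*|.*|-*) continue ;; esac
        for ns in $nameservers; do
            case $ns in ''|*[!0-9.]*) continue ;; esac
            printf 'server=/%s/%s\n' "$d" "$ns"
        done
    done
}

# dnsmasq re-reads its --servers-file when it receives SIGHUP.
reload_dnsmasq() { pkill -HUP -x dnsmasq || true; }

case "${2:-}" in
    vpn-up)
        umask 022
        # Write to a temporary file and rename, so dnsmasq never reads
        # a half-written list.
        render_servers "${VPN_IP4_NAMESERVERS:-}" "${VPN_IP4_DOMAINS:-}" \
            > "$SERVERS_FILE.tmp" && mv "$SERVERS_FILE.tmp" "$SERVERS_FILE"
        reload_dnsmasq
        ;;
    vpn-down)
        # Empty list: the VPN domains fall back to the external DNS.
        : > "$SERVERS_FILE"
        reload_dnsmasq
        ;;
esac
```

Because the file is emptied on vpn-down, neither the hard-coded VPN DNS address nor the extra vpn.example.com rule is needed.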