Prevent VPN DNS leaks with Ubuntu
You may notice DNS leaks when using a VPN configured with the NetworkManager GUI under Ubuntu 17.10 (and previous releases). The cause is that systemd-resolved routes multi-label name lookups to all local interfaces that have a DNS server configured, plus the globally configured DNS server if there is one (cf. man systemd-resolved), so queries can go out through interfaces other than the VPN. As explained in this bug report on Launchpad, a simple workaround is to add the option dns-priority=-42 (or any other negative value) to the connection configuration file under /etc/NetworkManager/system-connections. As man nm-settings puts it: "Negative values have the special effect of excluding other configurations with a greater priority value."
Reload the connection files with sudo nmcli c reload, then check again with ipleak.net; it should be OK.
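
To confirm which VPN profiles actually carry the workaround, the following added example (not part of the original post) audits connection files for a negative dns-priority. It assumes keyfile-format profiles with type=vpn in [connection] and the option placed in the [ipv4] section; the function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): flag VPN keyfiles that lack a
# negative dns-priority in [ipv4]. The sample files below are constructed.

# Print the dns-priority value from the [ipv4] section (empty if unset).
ipv4_dns_priority() {
    awk -F= '
        /^\[/ { in_ipv4 = ($0 == "[ipv4]"); next }
        in_ipv4 && $1 == "dns-priority" { print $2; exit }
    ' "$1"
}

# Succeed if [connection] declares type=vpn (assumed marker of a VPN profile).
is_vpn_profile() {
    awk -F= '
        /^\[/ { in_conn = ($0 == "[connection]"); next }
        in_conn && $1 == "type" && $2 == "vpn" { found = 1 }
        END { exit !found }
    ' "$1"
}

# Classify a keyfile: skip (not a VPN), ok (negative priority) or leaky.
audit_keyfile() {
    is_vpn_profile "$1" || { echo skip; return 0; }
    case $(ipv4_dns_priority "$1") in
        -[1-9]*) echo ok ;;
        *)       echo leaky ;;
    esac
}

# Write four constructed keyfiles into directory $1 for the demo.
make_samples() {
    printf '[connection]\nid=wifi\ntype=wifi\n\n[ipv4]\nmethod=auto\n' > "$1/wifi"
    printf '[connection]\nid=vpn-a\ntype=vpn\n\n[ipv4]\nmethod=auto\n' > "$1/vpn-default"
    printf '[connection]\nid=vpn-b\ntype=vpn\n\n[ipv4]\ndns-priority=100\n' > "$1/vpn-positive"
    printf '[connection]\nid=vpn-c\ntype=vpn\n\n[ipv4]\ndns-priority=-42\nmethod=auto\n' > "$1/vpn-fixed"
}

# Audit every file in a directory and print "verdict<TAB>path".
audit_dir() {
    for f in "$1"/*; do
        if [ -f "$f" ]; then printf '%s\t%s\n' "$(audit_keyfile "$f")" "$f"; fi
    done
}

demo=$(mktemp -d)
make_samples "$demo"
audit_dir "$demo"
rm -rf "$demo"
```

On a real system, call audit_dir /etc/NetworkManager/system-connections as root, since the connection files are normally readable only by root.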