So I have come up with a working solution that actually solves all MY needs in this regard. Hopefully it will be of use or inspiration to some of you guys too...
Part 1 -- Switch NetworkManager to use dnsmasq (this will NOT work with resolved!)

  # apt-get install dnsmasq-base

Add dns=dnsmasq to /etc/NetworkManager/NetworkManager.conf [main] section

  # systemctl disable systemd-resolved
  # systemctl stop systemd-resolved
  # systemctl restart network-manager

Part 2 -- Modify VPN configuration (in /etc/NetworkManager/system-connections)

DNS, Routes and reverse IP for the VPN networks can be tricked to work by modifying the [ipv4] section of the VPN configuration file:

  # make sure dns requests for these domains and all subdomains are sent to the VPN DNS servers, allowing the split DNS to work
  dns-search=example.lan;example2.lan;example.net
  # make sure the VPN will not be made the default route
  never-default=true
  # if you want to manually select the routes
  ignore-auto-routes=true
  # sets up a route - with reverse dns forwarding to the vpn dns server for network 1
  route1=192.168.1.0/24
  # sets up a route - with reverse dns forwarding to the vpn dns server for network 2
  route2=192.168.2.0/24

-- 
https://bugs.launchpad.net/bugs/1624317

Title:
  systemd-resolved breaks VPN with split-horizon DNS
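An added example, not part of the original comment: a small check that a VPN profile and NetworkManager.conf carry the split-DNS settings described above, so that DNS and default-route traffic do not silently go to the wrong side. The function name, sample profile and finding texts are assumptions made for illustration.

```python
import configparser

# Constructed sample profile (not from the post). Keyfiles treat only whole
# lines starting with '#' as comments, so notes must not trail a value.
SAMPLE_PROFILE = """\
[ipv4]
dns-search=example.lan;example2.lan;example.net
never-default=true
ignore-auto-routes=true
route1=192.168.1.0/24
route2=192.168.2.0/24
"""
SAMPLE_NM_CONF = "[main]\ndns=dnsmasq\n"  # constructed

def _parse(text):
    # No interpolation or inline-comment stripping, close to keyfile rules.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case as written
    cp.read_string(text)
    return cp

def audit_split_dns(profile_text, nm_conf_text):
    """Return a list of findings; an empty list means the settings match."""
    findings = []
    if _parse(nm_conf_text).get("main", "dns", fallback="") != "dnsmasq":
        findings.append("NetworkManager.conf: [main] dns is not dnsmasq")
    prof = _parse(profile_text)
    if not prof.has_section("ipv4"):
        return findings + ["profile: no [ipv4] section"]
    ipv4 = prof["ipv4"]
    for key, value in ipv4.items():
        if " #" in value:
            findings.append(f"profile: {key} value carries a trailing note")
    if ipv4.get("never-default", fallback="").strip() != "true":
        findings.append("profile: never-default is not true")
    if not [d for d in ipv4.get("dns-search", fallback="").split(";") if d.strip()]:
        findings.append("profile: dns-search lists no domains")
    has_routes = any(k.startswith("route") for k in ipv4)
    if ipv4.get("ignore-auto-routes", fallback="").strip() == "true" and not has_routes:
        findings.append("profile: ignore-auto-routes=true but no routeN entries")
    return findings

if __name__ == "__main__":
    print(audit_split_dns(SAMPLE_PROFILE, SAMPLE_NM_CONF) or "OK")
```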