Prioritize VPN's DNS Server
Since you're fine with using dnsmasq, how about this:
- Point your resolv.conf to 127.0.0.1 (nameserver 127.0.0.1)
- Try this config on your dnsmasq:
server=/internal.example.com/192.168.1.53
server=8.8.8.8
This would use 192.168.1.53 for domain "internal.example.com" and 8.8.8.8 for everything else.
Take a look at "-S, --local, --server=" option on dnsmasq man page.
Update: You may also want to disable DHCP, so as to avoid conflicts with your local router, and maybe listen only on the lo (127.0.0.1) interface.
It is possible to set DNS priority with
nmcli -p connection modify MY_VPN_CONNECTION ipv4.dns-priority -42
Found this here: https://github.com/systemd/systemd/issues/6076
Thanks to JucaPirama's answer for the direction I needed; this is my final setup using dnsmasq in front of systemd-resolved.
Disable the systemd-resolved stub DNS server. In /etc/systemd/resolved.conf
change
#DNSStubListener=yes
to
DNSStubListener=no
Restart systemd-resolved.
sudo systemctl restart systemd-resolved
Install dnsmasq.
sudo apt-get install dnsmasq
Set up dnsmasq. In /etc/dnsmasq.conf, use systemd-resolved's resolv.conf file by changing
#resolv-file=/etc/resolv.conf
to
resolv-file=/run/systemd/resolve/resolv.conf
Set the VPN's DNS server for just its domains by adding
server=/internal.example.com/192.168.1.53
Disable DHCP to prevent any potential conflicts by changing
#no-dhcp-interface=
to
no-dhcp-interface=
Restart dnsmasq.
sudo systemctl restart dnsmasq
Unlink /etc/resolv.conf from systemd-resolved's configuration.
sudo unlink /etc/resolv.conf
Edit /etc/resolv.conf to use dnsmasq. This step might not be needed because Network Manager at some point overrode it to point to 127.0.0.53 anyway.
nameserver 127.0.0.53
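To see which upstream the split rules from JucaPirama's answer and the final setup above actually select for a given name, here is an added helper (not from the thread or from dnsmasq itself) that reads a dnsmasq config and applies dnsmasq's longest-matching server=/domain/ rule; the config is constructed inline and the extra lab.internal.example.com rule and its 192.168.2.53 address are hypothetical.

```shell
#!/bin/sh
# Constructed sample config mirroring the thread's setup; the lab.* rule is hypothetical
# and only there to show that the most specific domain rule wins.
SAMPLE_CONF="$(mktemp)"
cat >"$SAMPLE_CONF" <<'EOF'
# VPN resolver only for the VPN's domain
server=/internal.example.com/192.168.1.53
server=/lab.internal.example.com/192.168.2.53
# everything else goes to the public resolver
server=8.8.8.8
no-dhcp-interface=
EOF

# Print the upstream dnsmasq would forward a query for $2 to, given config file $1.
# Rule: the longest server=/domain/ entry whose domain equals the name or is a
# parent of it wins; otherwise the plain server= upstream is used, and if there
# is none, the servers from resolv-file (printed here as the token "resolv-file").
dnsmasq_upstream_for() {
    conf=$1; name=$2
    best_dom=""; best_srv=""; default_srv=""
    while IFS= read -r line; do
        case $line in
            server=/*/*)
                rest=${line#server=/}
                dom=${rest%%/*}
                srv=${rest#*/}
                ;;
            server=*)
                default_srv=${line#server=}
                continue
                ;;
            *) continue ;;   # comments, blank lines, unrelated options
        esac
        # Match only on label boundaries: "internal.example.com" matches
        # "host.internal.example.com" but not "internal.example.com.evil.test".
        if [ "$name" = "$dom" ] || [ "${name%.$dom}" != "$name" ]; then
            if [ ${#dom} -gt ${#best_dom} ]; then
                best_dom=$dom; best_srv=$srv
            fi
        fi
    done <"$conf"
    if [ -n "$best_dom" ]; then
        printf '%s\n' "${best_srv:-local}"   # server=/domain/ with no address is answered locally
    else
        printf '%s\n' "${default_srv:-resolv-file}"
    fi
}

dnsmasq_upstream_for "$SAMPLE_CONF" host.internal.example.com
```

Run it against your real /etc/dnsmasq.conf with a few internal and public names to confirm that only the VPN's domain reaches 192.168.1.53 and nothing else leaks there.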