An information exposure vulnerability has been found in NetworkManager when dnsmasq is used in DNS processing mode. An attacker in control of a DNS server could receive DNS queries even though a Virtual Private Network (VPN) was configured on the vulnerable machine.
We suggest to keep the default dns=default
in the NetworkManager configuration file to prevent DNS queries leaks to possibly hostile DNS servers.