network-manager refuses to forward "default" DNS queries when using OpenVPN

I'm trying to use NetworkManger with OpenVPN and whenever I connect it kills my ability to resolve any names *not* provided by the VPN connection. This is a NetworkManager policy error somehow as if it actually tried *any* nameserver it would work.

Prior to bringing up VPN:

Apr 20 16:24:24 challenger NetworkManager[2691]: <info> (wlan0): DHCPv4 state changed preinit -> reboot
Apr 20 16:24:24 challenger NetworkManager[2691]: <info> address 192.168.1.24
Apr 20 16:24:24 challenger NetworkManager[2691]: <info> prefix 24 (255.255.255.0)
Apr 20 16:24:24 challenger NetworkManager[2691]: <info> gateway 192.168.1.1
Apr 20 16:24:24 challenger NetworkManager[2691]: <info> nameserver '192.168.1.51'
Apr 20 16:24:24 challenger NetworkManager[2691]: <info> nameserver '192.168.1.52'
Apr 20 16:24:24 challenger NetworkManager[2691]: <info> domain name 'supermathie.net'
Apr 20 16:24:24 challenger NetworkManager[2691]: <info> domain search 'supermathie.net.'
Apr 20 16:24:24 challenger NetworkManager[2691]: <info> domain search 'ad.supermathie.net.'
Apr 20 16:24:24 challenger NetworkManager[2691]: <info> wins '192.168.1.51'
Apr 20 16:24:24 challenger NetworkManager[2691]: <info> wins '192.168.1.52'
Apr 20 16:24:24 challenger NetworkManager[2691]: <info> Activation (wlan0) Stage 5 of 5 (IPv4 Configure Commit) scheduled...
Apr 20 16:24:24 challenger NetworkManager[2691]: <info> Activation (wlan0) Stage 5 of 5 (IPv4 Commit) started...
Apr 20 16:24:26 challenger NetworkManager[2691]: <info> (wlan0): device state change: ip-config -> secondaries (reason 'none') [70 90 0]
Apr 20 16:24:26 challenger NetworkManager[2691]: <info> Activation (wlan0) Stage 5 of 5 (IPv4 Commit) complete.
Apr 20 16:24:26 challenger NetworkManager[2691]: <info> (wlan0): device state change: secondaries -> activated (reason 'none') [90 100 0]
Apr 20 16:24:26 challenger NetworkManager[2691]: <info> NetworkManager state is now CONNECTED_GLOBAL
Apr 20 16:24:26 challenger NetworkManager[2691]: <info> Policy set 'smnet' (wlan0) as default for IPv4 routing and DNS.
Apr 20 16:24:26 challenger NetworkManager[2691]: <info> Writing DNS information to /sbin/resolvconf

IP4.ADDRESS[1]: ip = 192.168.1.24/24, gw = 192.168.1.1
IP4.DNS[1]: 192.168.1.51
IP4.DNS[2]: 192.168.1.52
IP4.DOMAIN[1]: supermathie.net
IP4.WINS[1]: 192.168.1.51
IP4.WINS[2]: 192.168.1.52
IP6.ADDRESS[1]: ip = 2001:db8::6bdd/64, gw = fe80::5054:ff:fe84:cfcd
IP6.ADDRESS[2]: ip = 2001:db8::790c/64, gw = fe80::5054:ff:fe84:cfcd
IP6.ADDRESS[3]: ip = fe80::790c/64, gw = fe80::5054:ff:fe84:cfcd
IP6.DNS[1]: 2001:db8::51
IP6.DNS[2]: 2001:db8::52
IP6.DOMAIN[1]: supermathie.net

○ → host www.google.ca
www.google.ca has address 74.125.226.151
www.google.ca has address 74.125.226.152
www.google.ca has address 74.125.226.159
www.google.ca has address 74.125.226.143
www.google.ca has IPv6 address 2607:f8b0:400b:80b::1017

○ → host www.netdirect.ca
www.netdirect.ca is an alias for ajax.netdirect.ca.
ajax.netdirect.ca has address 216.16.235.90

○ → host www.supermathie.net
www.supermathie.net is an alias for baron.supermathie.net.
baron.supermathie.net has IPv6 address 2001:470:1d:165::1

Now I bring up the VPN:

Apr 20 16:30:32 challenger NetworkManager[2691]: <info> Starting VPN service 'openvpn'...
Apr 20 16:30:32 challenger NetworkManager[2691]: <info> VPN service 'openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 20739
Apr 20 16:30:32 challenger NetworkManager[2691]: <info> VPN service 'openvpn' appeared; activating connections
Apr 20 16:30:32 challenger NetworkManager[2691]: <info> VPN plugin state changed: starting (3)
Apr 20 16:30:32 challenger NetworkManager[2691]: <info> VPN connection 'Net Direct' (Connect) reply received.
Apr 20 16:30:32 challenger nm-openvpn[20742]: OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec 1 2014
Apr 20 16:30:32 challenger nm-openvpn[20742]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Apr 20 16:30:32 challenger nm-openvpn[20742]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 20 16:30:32 challenger nm-openvpn[20742]: UDPv4 link local: [undef]
Apr 20 16:30:32 challenger nm-openvpn[20742]: UDPv4 link remote: [AF_INET]216.16.230.2:1194
Apr 20 16:30:33 challenger nm-openvpn[20742]: [server] Peer Connection Initiated with [AF_INET]216.16.230.2:1194
Apr 20 16:30:35 challenger nm-openvpn[20742]: TUN/TAP device tun0 opened
Apr 20 16:30:35 challenger nm-openvpn[20742]: /usr/lib/NetworkManager/nm-openvpn-service-openvpn-helper tun0 1500 1542 10.0.0.14 10.0.0.13 init
Apr 20 16:30:35 challenger NetworkManager[2691]: <info> VPN connection 'Net Direct' (IP Config Get) reply received.
Apr 20 16:30:35 challenger NetworkManager[2691]: <info> VPN connection 'Net Direct' (IP4 Config Get) reply received.
Apr 20 16:30:35 challenger NetworkManager[2691]: <info> VPN connection 'Net Direct' (IP6 Config Get) reply received.
Apr 20 16:30:35 challenger NetworkManager[2691]: <info> VPN Gateway: 216.16.232.38
Apr 20 16:30:35 challenger NetworkManager[2691]: <info> Tunnel Device: tun0
Apr 20 16:30:35 challenger NetworkManager[2691]: <info> IPv4 configuration:
Apr 20 16:30:35 challenger NetworkManager[2691]: <info> Internal Gateway: 10.0.0.13
Apr 20 16:30:35 challenger NetworkManager[2691]: <info> Internal Address: 10.0.0.14
Apr 20 16:30:35 challenger NetworkManager[2691]: <info> Internal Prefix: 32
Apr 20 16:30:35 challenger NetworkManager[2691]: <info> Internal Point-to-Point Address: 10.0.0.13
Apr 20 16:30:35 challenger NetworkManager[2691]: <info> Maximum Segment Size (MSS): 0
Apr 20 16:30:35 challenger NetworkManager[2691]: <info> Static Route: 192.168.0.0/24 Next Hop: 192.168.0.0
Apr 20 16:30:35 challenger NetworkManager[2691]: <info> Static Route: 216.16.235.0/25 Next Hop: 216.16.235.0
Apr 20 16:30:35 challenger NetworkManager[2691]: <info> Static Route: 10.0.0.0/24 Next Hop: 10.0.0.0
Apr 20 16:30:35 challenger NetworkManager[2691]: <info> Forbid Default Route: no
Apr 20 16:30:35 challenger NetworkManager[2691]: <info> Internal DNS: 192.168.0.5
Apr 20 16:30:35 challenger NetworkManager[2691]: <info> Internal DNS: 192.168.0.6
Apr 20 16:30:35 challenger NetworkManager[2691]: <info> DNS Domain: 'netdirect.ca'
Apr 20 16:30:35 challenger NetworkManager[2691]: <info> IPv6 configuration:
Apr 20 16:30:35 challenger NetworkManager[2691]: <info> Internal Address: 2001:470:b3f5:f001::1002
Apr 20 16:30:35 challenger NetworkManager[2691]: <info> Internal Prefix: 64
Apr 20 16:30:35 challenger NetworkManager[2691]: <info> Internal Point-to-Point Address: 2001:470:b3f5:f001::1
Apr 20 16:30:35 challenger NetworkManager[2691]: <info> Maximum Segment Size (MSS): 0
Apr 20 16:30:35 challenger NetworkManager[2691]: <info> Static Route: 2001:470:b3f5::/48 Next Hop: 2001:470:b3f5::
Apr 20 16:30:35 challenger NetworkManager[2691]: <info> Forbid Default Route: no
Apr 20 16:30:35 challenger NetworkManager[2691]: <info> DNS Domain: 'netdirect.ca'
Apr 20 16:30:35 challenger nm-openvpn[20742]: Initialization Sequence Completed
Apr 20 16:30:37 challenger NetworkManager[2691]: <info> VPN connection 'Net Direct' (IP Config Get) complete.
Apr 20 16:30:37 challenger NetworkManager[2691]: <info> Policy set 'Net Direct' (tun0) as default for IPv4 routing and DNS.
Apr 20 16:30:37 challenger NetworkManager[2691]: <info> Policy set 'Net Direct' (tun0) as default for IPv6 routing and DNS.
Apr 20 16:30:37 challenger NetworkManager[2691]: <info> Writing DNS information to /sbin/resolvconf
Apr 20 16:30:37 challenger dnsmasq[8136]: setting upstream servers from DBus
Apr 20 16:30:37 challenger dnsmasq[8136]: using nameserver 192.168.0.6#53 for domain 235.16.216.in-addr.arpa
Apr 20 16:30:37 challenger dnsmasq[8136]: using nameserver 192.168.0.6#53 for domain 0.168.192.in-addr.arpa
Apr 20 16:30:37 challenger dnsmasq[8136]: using nameserver 192.168.0.6#53 for domain 10.in-addr.arpa
Apr 20 16:30:37 challenger dnsmasq[8136]: using nameserver 192.168.0.6#53 for domain netdirect.ca
Apr 20 16:30:37 challenger dnsmasq[8136]: using nameserver 192.168.0.5#53 for domain 235.16.216.in-addr.arpa
Apr 20 16:30:37 challenger dnsmasq[8136]: using nameserver 192.168.0.5#53 for domain 0.168.192.in-addr.arpa
Apr 20 16:30:37 challenger dnsmasq[8136]: using nameserver 192.168.0.5#53 for domain 10.in-addr.arpa
Apr 20 16:30:37 challenger dnsmasq[8136]: using nameserver 192.168.0.5#53 for domain netdirect.ca
Apr 20 16:30:37 challenger NetworkManager[2691]: <info> VPN plugin state changed: started (4)
Apr 20 16:30:37 challenger NetworkManager[2691]: SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/tun0, iface: tun0)
Apr 20 16:30:37 challenger NetworkManager[2691]: SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/tun0, iface: tun0): no ifupdown configuration found.
Apr 20 16:30:37 challenger NetworkManager[2691]: <warn> /sys/devices/virtual/net/tun0: couldn't determine device driver; ignoring...
Apr 20 16:30:37 challenger dbus[2651]: [system] Activating service name='org.freedesktop.nm_dispatcher' (using servicehelper)
Apr 20 16:30:37 challenger dbus[2651]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Apr 20 16:30:37 challenger ntpd[20017]: ntpd exiting on signal 15
Apr 20 16:30:37 challenger ntpdate[20932]: Can't find host 0.ubuntu.pool.ntp.org: Name or service not known (-2)
Apr 20 16:30:37 challenger ntpdate[20932]: Can't find host 1.ubuntu.pool.ntp.org: Name or service not known (-2)
Apr 20 16:30:37 challenger ntpdate[20932]: Can't find host 2.ubuntu.pool.ntp.org: Name or service not known (-2)
Apr 20 16:30:37 challenger ntpdate[20932]: Can't find host 3.ubuntu.pool.ntp.org: Name or service not known (-2)
Apr 20 16:30:40 challenger dnsmasq[7973]: reading /etc/resolv.conf
Apr 20 16:30:40 challenger dnsmasq[7973]: using nameserver 127.0.1.1#53
Apr 20 16:30:40 challenger dnsmasq[3418]: reading /etc/resolv.conf
Apr 20 16:30:40 challenger dnsmasq[3418]: using nameserver 127.0.1.1#53
Apr 20 16:30:40 challenger dnsmasq[4818]: reading /etc/resolv.conf
Apr 20 16:30:40 challenger dnsmasq[4818]: using nameserver 127.0.1.1#53
Apr 20 16:30:40 challenger dnsmasq[4921]: reading /etc/resolv.conf
Apr 20 16:30:40 challenger dnsmasq[4921]: using nameserver 127.0.1.1#53

All of a sudden dnsmasq refuses to forward queries for ANY domain other than netdirect.ca to ANY nameserver:

○ → host www.supermathie.net
Host www.supermathie.net not found: 5(REFUSED)

○ → host www.google.ca
Host www.google.ca not found: 5(REFUSED)

○ → host www.netdirect.ca
www.netdirect.ca has address 192.168.103.52

But I can ask any nameserver and they work as expected:

○ → host www.google.ca 192.168.0.6
Using domain server:
Name: 192.168.0.6
Address: 192.168.0.6#53
Aliases:

www.google.ca has address 173.194.43.95
www.google.ca has address 173.194.43.79
www.google.ca has address 173.194.43.87
www.google.ca has address 173.194.43.88
www.google.ca has IPv6 address 2607:f8b0:400b:806::1017

○ → host www.google.ca 2001:470:b0e2::51
Using domain server:
Name: 2001:470:b0e2::51
Address: 2001:470:b0e2::51#53
Aliases:

www.google.ca has address 74.125.226.143
www.google.ca has address 74.125.226.152
www.google.ca has address 74.125.226.159
www.google.ca has address 74.125.226.151
www.google.ca has IPv6 address 2607:f8b0:400b:80b::1017

○ → host www.google.ca 192.168.1.51
Using domain server:
Name: 192.168.1.51
Address: 192.168.1.51#53
Aliases:

www.google.ca has address 74.125.226.143
www.google.ca has address 74.125.226.152
www.google.ca has address 74.125.226.151
www.google.ca has address 74.125.226.159
www.google.ca has IPv6 address 2607:f8b0:400b:80b::1017