Of late, Ubuntu has a distasteful habit of running a sorry local DNS proxy (dnsmasq) rather than talking the nameserver it gets via dhcp directly. If they were going to run a local nameserver there are many better choices (unbound comes immediately to mind) than dnsmasq, which is really intended to be a swiss army knife for pxe, tftp, ra, and dhcp server (doing none of these notably well) in the same sort of environment where one might run busybox or toybox (for those who like a non-viral license).

Anyway, back to Ubuntu and dnsmasq. You can fix this behavior by commenting out "dns=dnsmasq" in /etc/NetworkManager/NetworkManager.conf - after that you can either reboot or "sudo restart network-manager" depending on how lucky you feel.

It appears that the reboot will also make dnsmasq not get started, a rare instance of the end user being surprised by the right thing happening automatically.

Update 20150307: Jared tells me "you're forgetting that dnsmasq will strip edns stuff including dnssec too". I had been thinking that dnsmasq did dnssec now, but clearly I'm confusing it with some other poorly implemented DNS MITM (can't say recurser because, well, dnsmasq doesn't recurse, ha!)