Windows 10 Always On VPN, Split DNS, NRPT, and how to configure which DNS server is used?

A potential workaround you could try is standing up a Server 2016 DNS server and implementing a DNS policy to do split DNS with geolocation awareness. This would allow you to tell DNS queries from the Device VPN subnet to use the external IP instead of the internal one.

The PowerShell commands would look something like the ones below.

Device VPN subnet

Add-DnsServerClientSubnet -Name "DeviceVPNSubnet" -IPv4Subnet ""

Device VPN Zone Scope

Add-DnsServerZoneScope -ZoneName "" -Name "DeviceVPNZoneScope"

Default A record (should already exist)

Add-DnsServerResourceRecord -ZoneName "" -A -Name "mail" -IPv4Address ""

Device VPN A record

Add-DnsServerResourceRecord -ZoneName "" -A -Name "mail" -IPv4Address "" -ZoneScope "DeviceVPNZoneScope"

Device VPN Resolution Policy

Add-DnsServerQueryResolutionPolicy -Name "Device VPN Policy" -Action ALLOW -ClientSubnet "eq,DeviceVPNSubnet" -ZoneScope "DeviceVPNZoneScope,1" -ZoneName ""

See: Use DNS Policy for Geo-Location Based Traffic Management with Primary Servers
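The same DNS policy build-out as one idempotent script with a verification step, added here as an example and not part of the answer above. Every zone name, subnet and IP address in it is a constructed placeholder (TEST-NET-3 for the public address); replace them with your own. It assumes a Server 2016 or later DNS server with the DnsServer module. The point worth checking is that the policy matches on the source address of the query: if the VPN client pool is NATed before it reaches the DNS server, every client arrives from one address and the subnet match never fires, so the script also prints what each scope holds and does a client-side lookup you run from both a VPN client and a LAN host.

```powershell
# Added example: split-DNS policy for Always On VPN device-tunnel clients.
# All values below are assumptions for illustration, not from the original answer.

$ZoneName     = 'corp.example.com'   # assumed AD-integrated zone
$VpnSubnet    = '10.99.0.0/16'       # assumed device-tunnel address pool
$InternalMail = '10.0.0.25'          # assumed internal address of the mail host
$ExternalMail = '203.0.113.25'       # assumed public address (TEST-NET-3)
$DnsServer    = '10.0.0.10'          # assumed DNS server used for the end-to-end check

# 1. Client subnet. The policy keys off the query's source IP, so this must be
#    the pool the VPN clients actually query from, with no NAT in between.
if (-not (Get-DnsServerClientSubnet -Name 'DeviceVPNSubnet' -ErrorAction SilentlyContinue)) {
    Add-DnsServerClientSubnet -Name 'DeviceVPNSubnet' -IPv4Subnet $VpnSubnet
}

# 2. Zone scope that holds the VPN-only view of the zone.
if (-not (Get-DnsServerZoneScope -ZoneName $ZoneName -Name 'DeviceVPNZoneScope' -ErrorAction SilentlyContinue)) {
    Add-DnsServerZoneScope -ZoneName $ZoneName -Name 'DeviceVPNZoneScope'
}

# 3. Records: the default scope answers everyone, the VPN scope answers the pool.
#    Skip the first line if the default record already exists; adding a
#    duplicate A record with the same address is an error.
Add-DnsServerResourceRecord -ZoneName $ZoneName -A -Name 'mail' -IPv4Address $InternalMail
Add-DnsServerResourceRecord -ZoneName $ZoneName -A -Name 'mail' -IPv4Address $ExternalMail `
    -ZoneScope 'DeviceVPNZoneScope'

# 4. Policy: queries whose source address is in DeviceVPNSubnet are answered
#    from DeviceVPNZoneScope (weight 1); everything else falls through to the
#    default zone scope.
if (-not (Get-DnsServerQueryResolutionPolicy -ZoneName $ZoneName -Name 'Device VPN Policy' -ErrorAction SilentlyContinue)) {
    Add-DnsServerQueryResolutionPolicy -Name 'Device VPN Policy' -Action ALLOW `
        -ClientSubnet 'eq,DeviceVPNSubnet' -ZoneScope 'DeviceVPNZoneScope,1' -ZoneName $ZoneName
}

# 5. Server-side check: what does each scope hold, and is the policy enabled?
"--- default scope ---"
Get-DnsServerResourceRecord -ZoneName $ZoneName -Name 'mail' -RRType A |
    Select-Object HostName, @{ n = 'IPv4'; e = { $_.RecordData.IPv4Address } }
"--- DeviceVPNZoneScope ---"
Get-DnsServerResourceRecord -ZoneName $ZoneName -Name 'mail' -RRType A -ZoneScope 'DeviceVPNZoneScope' |
    Select-Object HostName, @{ n = 'IPv4'; e = { $_.RecordData.IPv4Address } }
"--- policies on $ZoneName ---"
Get-DnsServerQueryResolutionPolicy -ZoneName $ZoneName |
    Format-Table Name, ProcessingOrder, IsEnabled, Action -AutoSize

# 6. Client-side check. Run this line once from a host on the VPN pool and once
#    from a LAN host; the two answers must differ. Running it on the DNS server
#    itself always returns the internal address, because the query does not
#    originate from the VPN subnet.
(Resolve-DnsName -Name "mail.$ZoneName" -Server $DnsServer -Type A -DnsOnly).IPAddress
```

The `-DnsOnly` switch on `Resolve-DnsName` bypasses the local resolver cache and hosts file, so the answer you see is the one the policy actually produced rather than a stale cached entry; on an Always On VPN client, also confirm that the NRPT actually sends queries for the zone to this server, otherwise the policy is never consulted.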