Windows 10 Always On VPN, Split DNS, NRPT, and how to configure which DNS server is used?
A potential workaround you could try is standing up a Server 2016 DNS server and implementing a DNS policy to do split-dns with geolocation awareness. This would allow you to tell DNS queries from the Device VPN subnet to use the external IP instead of the internal.
The PowerShell commands would look something like the ones below.
# Device VPN subnet: queries whose source address falls in this range are matched by the policy
Add-DnsServerClientSubnet -Name "DeviceVPNSubnet" -IPv4Subnet "192.168.1.0/24"
# Device VPN zone scope: a second copy of the zone that holds the VPN-facing records
Add-DnsServerZoneScope -ZoneName "example.com" -Name "DeviceVPNZoneScope"
# Default A record in the default zone scope (should already exist)
Add-DnsServerResourceRecord -ZoneName "example.com" -A -Name "mail" -IPv4Address "192.168.0.5"
# Device VPN A record, placed in the VPN zone scope with the external address
Add-DnsServerResourceRecord -ZoneName "example.com" -A -Name "mail" -IPv4Address "203.0.113.5" -ZoneScope "DeviceVPNZoneScope"
# Device VPN resolution policy: answer queries from DeviceVPNSubnet out of DeviceVPNZoneScope (weight 1)
Add-DnsServerQueryResolutionPolicy -Name "Device VPN Policy" -Action ALLOW -ClientSubnet "eq,DeviceVPNSubnet" -ZoneScope "DeviceVPNZoneScope,1" -ZoneName "example.com"
See: Use DNS Policy for Geo-Location Based Traffic Management with Primary Servers
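A verification pass for the configuration in the answer above, added here as an example and not part of the original post or the linked Microsoft article; it reuses the answer's zone, scope, subnet and record values, and the DNS server name dns01.example.com is an assumed placeholder.

```powershell
# Added verification script (not from the original answer). Assumes the objects
# created by the commands above; $DnsServer is an assumed placeholder host name.
$Zone      = "example.com"
$Scope     = "DeviceVPNZoneScope"
$Subnet    = "DeviceVPNSubnet"
$DnsServer = "dns01.example.com"   # assumption: the Server 2016 DNS host

# 1. Server side: confirm every object the policy depends on actually exists.
Get-DnsServerClientSubnet -Name $Subnet | Format-List Name, IPv4Subnet
Get-DnsServerZoneScope -ZoneName $Zone -Name $Scope
Get-DnsServerQueryResolutionPolicy -ZoneName $Zone |
    Format-List Name, Action, ProcessingOrder, IsEnabled, Condition, Content

# 2. Both A records must be present: the internal one in the default scope,
#    the external one in the VPN scope. A missing default record breaks LAN clients.
$internal = Get-DnsServerResourceRecord -ZoneName $Zone -Name "mail" -RRType A
$external = Get-DnsServerResourceRecord -ZoneName $Zone -Name "mail" -RRType A -ZoneScope $Scope
"Default scope : {0}" -f $internal.RecordData.IPv4Address
"VPN scope     : {0}" -f $external.RecordData.IPv4Address

# 3. Client side: run once from a Device VPN client (source in 192.168.1.0/24) and
#    once from an internal host. The policy keys on the query's source address, so
#    the two should get different answers. -DnsOnly skips the local cache and hosts file.
Clear-DnsClientCache
$answer = Resolve-DnsName -Name "mail.$Zone" -Type A -Server $DnsServer -DnsOnly |
    Where-Object { $_.Type -eq "A" } | Select-Object -First 1 -ExpandProperty IPAddress
switch ($answer) {
    "203.0.113.5" { "Policy matched: this client was answered from the VPN zone scope" }
    "192.168.0.5" { "Default scope answered: this client's source address did not match $Subnet" }
    default       { "Unexpected answer: $answer" }
}
```

The client-side check only proves anything if the VPN client really sends the query to this server, which is the NRPT question the original post raises: if the query goes to a different resolver, the policy never sees it.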