Edit - acutally thinking about it. It would just be easier to pass 9.9.9.9 dns directly to your vlan 2 group and pass your filtered DNS to the other two. Just change the DHCP settings for each group.
edit2 - also if you werent aware there is a way to run AGH on your router directly either by using the AGH edge client or the opkg openwrt version. [How-To-Updated 2021] Installing AdGuardHome on OpenWrt [Manual and opkg method]
IIRC you can do it via AGH itself
you can specify rules for clients or client groups. https://github.com/AdguardTeam/AdGuardHome/wiki/Hosts-Blocklists#client has more info.