It should be kinda the same as the wiki page you sent and then I mean that section of dnsmasq-full.
For ipset, you should take some consideration: on newer versions of OpenWrt you have a new firewall with nftables and nftset; to be honest, I normally would keep it there.
The only thing that might be different is that ipset also catches subdomains as wildcard, while nftset via dnsmasq could not (though I'm speaking from the past, so it is possible that this is no longer an issue).
Now when you create a PBR rule in LuCI, give it a name, set the domain in remote and set the target to wan on prerouting.
Note: this rule should always be on top, above the rule where traffic gets sent to the VPN. I guess, similar to how vpnbypass worked, all routes should be handled by PBR/vpnbypass.
If you flush your DNS (on Windows under cmd: ipconfig /flushdns), and also the DNS in a browser through chrome://net-internals/#dns, and it still does not work and you get something like a refused error, then try the following:
(this likely only happens on more advanced setups with more interfaces and only with forwarding zone to vpn zone meant for being a firewall kill switch)
Since I'm typing on a phone it's difficult to explain it accurately:
In one of these tabs inside LuCI's PBR management you have some settings for WAN with a marking. The only thing you have to do is copy that hexadecimal mark, go to firewall and create a new traffic rule as follows:
src zone: yourcustomnetwork
dst zone: wan
click on advanced tab -> marking or mark -> paste the mark in here.
This way you tell the firewall to allow traffic matching the mark supplied by PBR to be forwarded to wan, and it should work under this type of firewall setup.
Here is a screenshot of my advanced PBR configuration. I highlighted how a simple setup could look; for VPN the source/local IPs are not needed per se if you want to route all through VPN, but for my setup that is not handy to do.
The ignore rule, in case you wonder, is because PBR can block other routes because of the killswitch feature. If I had a pi-hole instance running on a different network route then PBR would block it, so with the ignore target I can tell PBR to ignore the block. You have to check this in the advanced tab if you need it.