This indicates that your DNS is probably not working as expected in your configuration.
So... looking at DNS specifically -- what are the DNS entries that you've defined in your wan interface? It appears that they're for NordVPN, is that correct? These shouldn't be in your wan, and that could be part of the issue. You should use either the ISP/DHCP advertised DNS, or a public one (like 8.8.8.8) on your wan. Using DNS that is related to the VPN on your wan interface could cause a chicken-or-egg situation.
These are also likely to cause DNS problems... is there a reason you have made these changes?
On a slightly different topic, you've got your VPN setup with your wan zone... it seems that you had previously configured it differently with the vpnfirewall zone which would give you the ability to have a kill-switch. When it is setup with the wan zone, a kill switch won't work. This isn't a problem, per-se, but the vpnfirewall zone doesn't do anything right now.
Also, on wireless, don't use psk-mixed unless you actually need to (i.e. legacy devices). You should probably change this to psk2 (unless you want to use newer WPA3; keep in mind that many devices don't work well when you use sae-mixed (WPA2/WPA3) mode, so you want to be either WPA2 or WPA3, not mixed)