packages/openconnect.sh at master · openwrt/packages (github.com)
From what I can tell, peerdns option in /etc/config/network is not effective for openconnect proto.
After openconnect gets the tunnel up, it sets some environment variables then calls /lib/netifd/vpnc-script to update dns. The script does so by creating config files in /tmp/dnsmasq.d/ then restarts dnsmasq.
My workaround now is to mess with the creation of config files in lib/netifd/vpnc-script
#DNSMASQ_FILE=/tmp/dnsmasq.d/openconnect.$TUNDEV
DNSMASQ_FILE=/tmp/openconnect.$TUNDEV