If your router is the local DNS server for all these networks, you don't need to list it as a DNS server anywhere. option dns is something that beginners like to throw around without knowing what it actually is needed for. In a main router the only place to use it is in the wan configuration when you don't want to use the ISP's default DNS servers.
All these networks need to be in non-overlapping IPv4 subnets for the routing to work.
Firewall rules act only when all the conditions are matched. This means that the more conditions you specify, the less likely the rule is to work. In particular on a port forward don't specify the destination zone at all. It is inherent from the destination IP address.
My bad on the .0 IP, that leg of the network hasn't been fully set up yet on the hardware side so it wasn't in use. Good catch, has been fixed, appreciate it!
Bit confused on what you mean by "access it again" here, assuming it means trying the forward again. Still no luck.
However, something I think might be of note thanks to @mk24's message: when I unset the internal zone, it still doesn't work; but when I open the config modal in LuCI again, it auto-configures to LAN. If I hit save from there, the forward works.
Relevant output of iptables-save -c | grep "DNAT" after the forward is configured with LAN internal zone:
Okay, I got what is wrong, and you were describing it wrongly. Your problem is not on the port forward itself, which you never tried because in all cases the hits on the firewall are zero, but on the hairpin NAT (or NAT reflection), which works when you switch the destination zone, because you are trying to access it from the lan zone.
Instead of trying to access the server by the wan IP when you are in the lan, use the internal IP. If you need a hostname instead of IP, then create one.
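As an added example (not from the thread or from OpenWrt itself), a small Python parser for the `iptables-save -c | grep DNAT` output mentioned above, run over constructed sample lines modelled on what fw3 generates for a forward: it separates the wan-side DNAT rule from its lan-side reflection copy and reports which one has actually been hit, so a test from inside the lan is not mistaken for a working forward. The chain names, port and addresses are assumptions for the sample.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample of `iptables-save -c | grep DNAT`, modelled on fw3's rules for
# one port forward (wan side untested, reflection copy hit from the lan).
SAMPLE = """\
[0:0] -A zone_wan_prerouting -p tcp -m tcp --dport 443 -m comment --comment "!fw3: fwd-https" -j DNAT --to-destination 192.168.1.10:443
[37:2220] -A zone_lan_prerouting -s 192.168.1.0/24 -d 203.0.113.7/32 -p tcp -m tcp --dport 443 -m comment --comment "!fw3: fwd-https (reflection)" -j DNAT --to-destination 192.168.1.10:443
"""

# [pkts:bytes] -A <chain> ... --dport <port> ... -j DNAT --to-destination <ip:port>
LINE_RE = re.compile(
    r'^\[(?P<pkts>\d+):(?P<bytes>\d+)\]\s+-A\s+(?P<chain>\S+)'
    r'.*?--dport\s+(?P<dport>\d+)'
    r'.*?-j\s+DNAT\s+--to-destination\s+(?P<dest>\S+)'
)


@dataclass
class DnatRule:
    chain: str
    pkts: int
    dport: int
    dest: str
    reflection: bool  # True for the hairpin-NAT copy in the lan zone's prerouting chain


def parse_dnat(text: str) -> List[DnatRule]:
    """Parse counter-prefixed DNAT rules; lines that are not DNAT rules are skipped."""
    rules = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rules.append(DnatRule(
            chain=m['chain'], pkts=int(m['pkts']), dport=int(m['dport']),
            dest=m['dest'], reflection=m['chain'].startswith('zone_lan_'),
        ))
    return rules


def untested_forwards(rules: List[DnatRule]) -> List[int]:
    """Destination ports whose wan-side forward rule has never matched a packet."""
    return [r.dport for r in rules if not r.reflection and r.pkts == 0]


if __name__ == '__main__':
    for r in parse_dnat(SAMPLE):
        kind = 'reflection' if r.reflection else 'forward'
        print(f'{kind:10} dport {r.dport} -> {r.dest}: {r.pkts} packets')
    print('forwards never hit from wan:', untested_forwards(parse_dnat(SAMPLE)))
```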
No, no, he's right. Initially, for testing at the start of the thread, I was using my cell phone and the forward was not working as intended. However, between now and then, I flicked a few switches thanks to tips from here, Reddit, and even my boss via cell phone. Something changed, and sure enough it is now contactable. In choosing to be hasty in my later replies, I did my testing from the same machine I was configuring from, thus no hits. My bad, PEBKAC error, I'll take the blame.
I plan on configuring my DNS server so that requests from WAN resolve to the public IP, whereas local requests resolve to the local IP, similar to how @lleachii suggested earlier in the thread. Similarly, if I can figure out exactly what switch I flicked to get this to work, I'll update the post too.
Thanks to everyone for dealing with me and your help.