You can try to make a firewall rule to block port 53 for your LAN clients both to the router (INPUT) and to the internet (FORWARD), but this rule must be after the PBR DNS rule
You might consider turning things around and route everything by default via the VPN and only make exceptions you want but you might end up with more or less the same problems.
The router itself is using the OUTPUT chain so using this chain will route traffic from the router itself.
Note that the router must be able to route via the WAN e.g. traffic for the VPN endpoint and traffic of clients which are using the WAN.
So that needs careful planning, good luck with that.
If you are satisfied with the result so far, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks! 