systemd-resolved vs VPN and local DNS overrides

I have some services (such as this wiki) which are hosted on a server in my home network. The server is behind a NAT router, which means that in order to access, for example, my wiki from home, I need to contact the local IP rather than the public IP of my router with the NAT rule for ports 80 and 443.

To make this transparent to the user (and more importantly, to mobile devices that sometimes connect from the outside and sometimes from the inside) I've set up a DNS override on my router. As soon as a device is connected to my local network, it gets the local router as DNS server via DHCP, and the router resolves wiki.psuter.ch to 192.168.8.1 rather than the public IP of my router assigned by my ISP. This works nicely in most cases. However, when I start using VPN connections which provide their own DNS, this no longer works because the VPN's DNS is put in front of my local one. I understand that in most cases this is probably what I would want, but not in my particular case.

Luckily systemd-resolved has a solution for that: we can specify a DNS server that is preferred for a given domain, which is exactly what we want here.

Create a new file (and, if necessary, the directory) at /etc/systemd/resolved.conf.d/local.conf and edit the file. Put something like this inside:

[Resolve]
DNS=192.168.8.254
Domains=~psuter.ch

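where 192.168.8.254 would be my local DNS in this example and psuter.ch the domain I want to make sure is resolved preferably by this DNS. The leading ~ marks psuter.ch as a routing-only domain: it is used to choose the DNS server for matching names but is not added as a search domain.

Now restart (reload is not possible for this service) the systemd-resolved service: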

systemctl restart systemd-resolved.service

If you try now, the preference is in place and DNS queries for my local sites will be resolved by my local DNS even if I'm using VPNs to other networks.
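
Why the override wins over the VPN's DNS, as an added example that is not part of the original page: a simplified Python model of the "best matching routing domain" rule described in systemd-resolved(8), where the scope whose routing domain matches the name with the most labels gets the query. The VPN server 10.8.0.1 and its catch-all domain "~." are constructed assumptions, and the fallback used when no routing domain matches is not modelled.

```python
import configparser

# The drop-in from the page, embedded so the example runs offline.
LOCAL_CONF = "[Resolve]\nDNS=192.168.8.254\nDomains=~psuter.ch\n"
# Constructed VPN scope (assumption): the VPN client registers its DNS server
# with the catch-all routing domain "~.".
VPN_CONF = "[Resolve]\nDNS=10.8.0.1\nDomains=~.\n"


def parse_resolve(text):
    """Return (dns_servers, routing_domains) from a [Resolve] section."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    sec = cfg["Resolve"]
    dns = sec.get("DNS", fallback="").split()
    # "~" marks a route-only domain; it takes part in routing like any other.
    raw = sec.get("Domains", fallback="").split()
    return dns, [d.lstrip("~").strip(".").lower() for d in raw]


def labels(name):
    return [part for part in name.lower().split(".") if part]


def match_len(name, domain):
    """Label count of domain if name equals it or ends with it, else -1."""
    n, d = labels(name), labels(domain)
    if len(d) > len(n):
        return -1
    # Compare whole labels, so "notpsuter.ch" does not match "psuter.ch".
    return len(d) if n[len(n) - len(d):] == d else -1


def route(name, scopes):
    """Return the DNS servers of the scope(s) whose routing domain matches
    name with the most labels; [] means no routing domain matched."""
    best, chosen = -1, []
    for dns, domains in scopes:
        score = max((match_len(name, d) for d in domains), default=-1)
        if score > best:
            best, chosen = score, list(dns)
        elif score == best and score >= 0:
            chosen.extend(dns)
    return sorted(set(chosen))


SCOPES = [parse_resolve(LOCAL_CONF), parse_resolve(VPN_CONF)]

if __name__ == "__main__":
    for host in ("wiki.psuter.ch", "example.org", "notpsuter.ch"):
        print(host, "->", route(host, SCOPES))
```

Names under psuter.ch go only to the local DNS server, while everything else, including look-alike names such as notpsuter.ch, still goes to the VPN's DNS.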

  • Last modified: 02.01.2019 20:33
  • by Pascal Suter