Comment 44 for bug 1624317

So I have come up with a working solution that actually solves all MY needs in this regard. Hopefully it will be of use or inspiration to some of you guys too...

Part 1 -- Switch NetworkManager to use dnsmasq (this will NOT work with resolved!)

# apt-get install dnsmasq-base

Add dns=dnsmasq to /etc/NetworkManager/NetworkManager.conf [main] section

# systemctl disable systemd-resolved
# systemctl stop systemd-resolved
# systemctl restart network-manager

Part 2 -- Modify VPN configuration (in /etc/NetworkManager/system-connections)

DNS, Routes and reverse IP for the VPN networks can be tricked to work by modifying the [ipv4] section of the VPN configuration file:

dns-search=example.lan;example2.lan;example.net # <-- make sure dns requests for these domains and all subdomains are sent to the VPN DNS servers, allowing the split DNS to work

never-default=true # <-- make sure the VPN will not be made the default route
ignore-auto-routes=true # <-- if you want to manually select the routes
route1=192.168.1.0/24 # <-- sets up a route - with reverse dns forwarding to the vpn dns server for network 1
route2=192.168.2.0/24 # <-- sets up a route - with reverse dns forwarding to the vpn dns server for network 2