SurprisedItWorks DD-WRT Guru
Joined: 04 Aug 2018 Posts: 1447 Location: Appalachian mountains, USA
Posted: Mon Nov 26, 2018 17:45 Post subject: local dns and vpn
I only just got around to enabling local DNS.
Aside: Turns out that one need only go to GUI>Services>Services>SystemManagement, change UsedDomain to LAN & WLAN (from WAN, in my case) and set LANdomain to "home" or some other domain name (doesn't have to be of form foo.bar as many advise) of choice. Setting a couple of parameters in "Additional DNSMasq Options" as advised in the classic https://wiki.dd-wrt.com/wiki/index.php/DNSMasq_as_DHCP_server appears unnecessary. Presumably that advice has been made obsolete via dd-wrt changes since it was written.
Experiment quickly showed though that local DNS set up this way (or with the dnsmasq options) fails when a vpn client is in use, whether it's the dd-wrt client or one in a computer, at least for NordVPN and PIA. Presumably requests to resolve LocalComputer.home are being sent to the VPN provider's DNS server.
This raises the question: is there any (reasonably simple) way to have dnsmasq continue to provide local-DNS service while allowing the vpn provider's DNS server to handle everything else in the normal way (without preventing dnsmasq from handling everything as usual when no vpn is in use)?
I can't see one, but then I am a relative newbie to fancy DNS trickery. I can look at dnsmasq.conf, but I comprehend only a fraction of what I see there. I managed to get two dnscrypt servers running, but that's about the extent of my dnsmasq skills.
I should add that my dd-wrt OpenVPN client is restricted to a VAP by PBR and that that VAP's config is where I specify the VPN provider's DNS server.
_________________
2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.