Topic: Site-to-site VPN: route DNS traffic from the firewall itself (Read 1368 times)
Author: teapot9 (Newbie, Posts: 10, Karma: 0)
Posted on: April 06, 2021, 08:20:24 pm
I am setting up a site-to-site VPN but I have an issue getting Unbound to use the remote site's DNS server for its local domain.
I configured Unbound to use the remote site DNS server's IP for local.foo.com.
Alias my_alias: networks I want to be routed through the VPN (which includes the DNS server's IP).
I have 2 OpenVPN clients to connect to the same site, the second one being a failover.
I configured a gateway group with the 2 gateways created by the OpenVPN clients.
Configured 2 NAT outbound rules:
- interface=my_vpn_iface_1, src=any, dest=my_alias, nat address=interface address, static=no
- same with interface=my_vpn_iface_2
Added 1 floating rule to route my_alias through the VPN:
- quick, direction=in, protocol=ipv4*, src=*, dest=my_alias, gateway=my_vpn_gateway_group
This rule should route any traffic going to my_alias from any interface through the VPN gateway group.
I can access the remote site from LAN.
However, I cannot access it from the firewall itself.
I tried configuring a static route.
However, I cannot set the gateway to my_vpn_gateway_group, only single gateways can be selected.
Firewall logs show "let out anything from firewall host itself".
I also tried enabling "Disable automatic rules which force local services to use the assigned interface gateway", but the same issue occurs.
Any help would be appreciated.
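The rule set described in the post, as an added toy model (not OPNsense code and not from the poster): it shows why a floating rule with direction=in and a gateway applies to forwarded traffic arriving on LAN but never to packets the firewall itself generates, which pf only evaluates in the out direction on the egress interface. The alias network, the remote DNS address and the simplified matching logic are constructed assumptions.

```python
"""Toy model of pf rule evaluation for policy routing (constructed illustration)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: networks in "my_alias" and the remote site's DNS server.
MY_ALIAS = [ipaddress.ip_network("10.200.0.0/24")]
REMOTE_DNS = ipaddress.ip_address("10.200.0.53")

@dataclass
class Rule:
    direction: str            # "in" or "out"
    dest: List[ipaddress.IPv4Network]  # empty list means "any"
    gateway: Optional[str]    # policy-routing gateway; None = system routing table
    label: str
    quick: bool = True

@dataclass
class Packet:
    dst: ipaddress.IPv4Address
    ingress_iface: Optional[str]   # None when a local process (e.g. Unbound) sent it

RULES = [
    # Floating rule from the post: quick, direction=in, dest=my_alias, gateway=VPN group.
    Rule("in", MY_ALIAS, "my_vpn_gateway_group", "route my_alias via VPN"),
    # Automatic rule seen in the logs: outbound traffic from the firewall host.
    Rule("out", [], None, "let out anything from firewall host itself"),
]

def matches(rule: Rule, pkt: Packet, direction: str) -> bool:
    if rule.direction != direction:
        return False
    return not rule.dest or any(pkt.dst in net for net in rule.dest)

def next_hop(pkt: Packet):
    """Return (label of the deciding rule, gateway used).
    Forwarded packets are evaluated 'in' on the ingress interface first;
    locally generated packets are only evaluated 'out' on the egress interface."""
    directions = ["in", "out"] if pkt.ingress_iface else ["out"]
    for d in directions:
        winner = None
        for rule in RULES:
            if matches(rule, pkt, d):
                winner = rule
                if rule.quick:
                    break   # quick: first match wins, stop evaluating
        if winner:
            return winner.label, winner.gateway or "system routing table"
    return "no match", "system routing table"
```

A DNS query from a LAN host hits the floating rule and goes to the VPN gateway group, while the same query sent by Unbound on the firewall only meets the automatic out rule and follows the system routing table.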