DNS leak with Unbound enabled through WireGuard ProtonVPN

Started by papry, August 23, 2025, 05:04:30 PM

Hello, I'm dealing with the dreaded DNS leak.
I read a lot of closed topics on the issue & I'm still struggling with something.
I have multiple VLANs.
WireGuard tunnels work perfectly; I have 4 working tunnels.
I wanted to force Unbound to use my VPN gateway for some VLANs: I tried defining the Outgoing Network Interfaces to only the VPN. It didn't work.
I managed to stop the DNS leak by:
- enabling Unbound -> Query Forwarding
- setting the DNS address and VPN gateway in System -> Settings -> General

If I understand correctly how this works:
My PC sends a request to the router over UDP/TCP with destination port 53
- Sidequest: putting a NAT -> Port Forward rule to catch anything that goes out of my network in TCP/UDP with port 53 & redirecting it to the router on port 53 should catch it.
- Unbound, which is part of this firewall, processes it & sends it to the corresponding interface in outgoing, but WAN is forced anyway.

Another option I have would be to:
- make a Docker container on another PC with Unbound + Pi-hole, then force this DNS choice through the VLAN DHCP menu.
- Force this address to go through my VPN tunnel.

Any idea about what I missed?

Thanks in advance.
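
An added example, not part of the original post: a small checker that separates the two paths described above, clients sending port 53 traffic past the router (what the port forward rule is meant to catch) and the resolver's own queries leaving on WAN instead of the tunnel. The interface names, addresses and the simplified capture-line format are assumptions constructed for illustration, not output from any particular tool.

```python
import re
from collections import Counter

# Assumed values (not from the post): WAN NIC, WireGuard interface,
# and the router's own address on the VLAN.
WAN_IF = "igb0"
TUNNEL_IF = "wg0"
ROUTER_IPS = {"192.168.20.1"}

# Constructed line format: <iface> <In|Out> IP <src>.<sport> > <dst>.<dport>: ...
LINE = re.compile(
    r"^(?P<iface>\S+) (?P<dir>In|Out) IP "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):"
)

def classify(line):
    """Return 'leak', 'tunnel', 'bypass', 'local' or None for one line."""
    m = LINE.match(line.strip())
    if not m or m["dport"] != "53":
        return None                      # not plain DNS
    if m["dir"] == "Out" and m["iface"] == WAN_IF:
        return "leak"                    # DNS leaving in clear on WAN
    if m["dir"] == "Out" and m["iface"] == TUNNEL_IF:
        return "tunnel"                  # DNS leaving inside the VPN
    if m["dir"] == "In" and m["iface"] not in (WAN_IF, TUNNEL_IF):
        # Client query: to the router's resolver, or straight past it.
        return "local" if m["dst"] in ROUTER_IPS else "bypass"
    return None

def summarize(text):
    """Count each class of DNS flow seen in a block of capture lines."""
    return Counter(c for c in map(classify, text.splitlines()) if c)

# Constructed sample capture (documentation/test addresses only).
SAMPLE = """\
igb1_vlan20 In IP 192.168.20.15.50001 > 192.168.20.1.53: 112+ A? example.net. (29)
wg0 Out IP 10.2.0.2.41000 > 10.2.0.1.53: 1234+ A? example.net. (29)
igb1_vlan20 In IP 192.168.20.15.50002 > 8.8.8.8.53: 113+ A? example.org. (29)
igb0 Out IP 203.0.113.7.52044 > 9.9.9.9.53: 4321+ A? example.com. (29)
igb0 Out IP 203.0.113.7.51820 > 198.51.100.9.51820: UDP, length 96
"""

if __name__ == "__main__":
    for kind, count in sorted(summarize(SAMPLE).items()):
        print(f"{kind}: {count}")
```

A non-zero `leak` count means the resolver is still egressing on WAN; a non-zero `bypass` count means clients are reaching outside resolvers directly on port 53.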