GL-AR750 Wireguard+NextDNS+VPN policies=DNS queries point to my ISP IP

Hello. Since english is not my native language, I hope I’ll be able to properly explain myself.

I don’t know if I am missing something here, but I am experiencing this:
I use Wireguard on my AR750 (AzireVPN) and I enabled VPN policies to exclude some devices to use WG (MAC address policy-Do not use VPN for the items in the list).
Lately I begun using NextDNS service and while using it, I decided to take a look ath the NextDNS logs’page to see what entries were blocked by the lists I am using.
Looking at the logs, I noticed that if VPN policies if off, my DNS queries point to my WG IP, but
If VPN policies are ON, DNS queries point to my real ISP IP even if the device I am using is effectively connected with WG.
If I check “Use VPN for all processes on the router”, then DNS queries point again to my WG IP using VPN policies.
Question is: is this behaviour normal?
Thanks a lot for the attention.

I am not sure this answers your question but the VPN Policies menu is illogical and near impossible to understand. Have a read of this:

For example, why would there even be a “Use VPN for all processes on the router” when you are in the VPN Policy menu to do exactly the opposite of that?
Policies also seems to interfere / over-ride the kill-switch which I think should be the command that is superior to all others.

Well… there’s more apparently.
I enabled Dynamic DNS for remote access while having VPN policies ON (with “Use VPN for all processes on the router” DISABLED). If I do a DDNS test, i can see my ISP IP registered on the UI.
And that should be normal because that’s the point of having “Use VPN for all processes on the router” disabled as written HERE
But then I noticed that the registered IP on the DDNS Luci page wasn’t my ISP IP like in the UI, but my Wireguard IP! I am really confused now. And on top of that, remote access isn’t working anymore (even if I refresh the registered IP). The last time I used it was working fine…