I am somehow confused:
I want to use the VPN policy based on the target Domain or IP like this (first two lines commented with #, 3rd+4th line with domain-name) (with "Use VPN" set):
After some while, one out of two devices changes routing again to the normal WAN interface without VPN, the other one stays on VPN (in the beginning both go via VPN).
The VPN policy is based on the DNS server. A device needs to request DNS entries via the DNS server of the router (so no DoH/DoT on the device itself!) to make them work.
Check if the devices are using the internal DNS of your router instead of some other.
Are you trying to exclude certain domains/IPs from using VPN? If so, I did this recently. Since I post on Offerup a lot, I wanted Offerup to be excluded from VPN since Offerup doesn't allow the use of VPN. When I set Policy based on target domain/IP, I leave it at Do Not Use VPN. I entered Offerup's domain and IP on each line. I then go to AdGuard Home (if you have it set up), then Filters > DNS Rewrites. I put Offerup's IP there and I was able to access Offerup while the rest still use VPN.
Not sure if that's what you are after but if it is, hope it helps.