Hi,
Add this info to the equation :
8.8.8.8 is a huge DNS cache with some additional functionalities **.
If "8.8.8.8" doesn't know the answer, it will behave exactly like the pfSense Resolver : it will ask the 13 root server, and drill downwards.
The Resolver can only work. If it doesn't, two things might happen :
Resolver can't connect to at least one root DNS server => bad connection ? Your ISP (or VPN) is playing tricks on you ?
You mentioned "well known sites" so I can rule out faulty DNS name servers I guess.
(third option : your "well known sites" do not like your VPN IP, sites like Netflix blacklisted most of them already.)
If asking the root servers (directly) doesn't work well, consider the Internet as broken …. and that did not happens up until today.
** like Google knowing what your are doing, where, with who and when.