Unbound - possible to select outgoing interface priority or ordering

  • New user started on 2.2 so using the default Unbound DNS service. I have a WAN interface and two VPN out interfaces (to US and NL).

    I'd like to be able to have all DNS queries go out via one of the VPN connections and fall back to WAN if unavailable. I can see that I can select the interfaces - but there seems to be no way to set an order or priority on this. Is this possible?

    I have almost the exact same set-up. (pfSense 2.2.3 now)

    I use policy-based routing and gateway groups to make my LAN use the VPN for internet and fall back to WAN when the VPN goes down.
    I, too, would like a way to do the same thing with my DNS in pfSense.

    I find that my DNS goes out either through VPN2 or both VPN1 and WAN (unless I specify something else manually).

    I would like to have my DNS use VPN1 only, and fall back to WAN only when VPN1 becomes unavailable. (just like my internet connection does)

    Having Unbound use WAN for DNS when the VPN is working is not an option as it exposes my public IP.
    On the other hand, having it use the VPN will stop name-resolution from happening if the VPN goes down.
    If I select both, it leaks both public IPs.

    It would be possible to achieve what I want with a separate DNS resolver on my LAN, but that means more equipment, more cost, more administrative effort.

    Does anyone know of a way to achieve this within pfSense?