Always prefer global DNS and use interface DNS (obtained via DHCP) just for routed domains

prefer-global-dns.sh

#!/bin/sh
INTERFACE=$1
ACTION=$2

# DNS modification makes sense for active (up and vpn-up) interfaces only
[[ "${ACTION}" =~ up$ ]] || exit 0

# Disable DNS default route for all interfaces to prefer global DNS
resolvectl default-route "${INTERFACE}" no

DOMAINS=$(resolvectl domain "${INTERFACE}" | cut -d: -f2)

# Remove "~." route domain from all interfaces to prefer global DNS
[[ "${DOMAINS}" =~ ~\. ]] || exit 0
DOMAINS="${DOMAINS//~.}"
if [[ -z "${DOMAINS// }" ]]; then
	resolvectl domain "${INTERFACE}" ''
else
	# Noting (route) domains are separate arguments and should be passed without enclosing double quotes
	resolvectl domain "${INTERFACE}" ${DOMAINS}
fi

The script removes "~." - the default route domain from each active interface to enforce global DNS server configured in /etc/systemd/resolved.conf.

Usage

• Set global DNS in /etc/systemd/resolved.conf and restart systemd-resolved service:

[Resolve]
DNS=9.9.9.9
Domains=~.

systemctl restart systemd-resolved

• Place the script into /etc/NetworkManager/dispatcher.d/, enable NetworkManager-dispatcher service and restart NetworkManager to rerun the script:

curl -o /etc/NetworkManager/dispatcher.d/prefer-global-dns.sh https://gist.githubusercontent.com/viliampucik/caffddb1731a86518e4f393f1ebd0c0e/raw/c2a677661a59d3bd135149fcb597cd19f5b5f035/prefer-global-dns.sh
systemctl -now enable NetworkManager-dispatcher
systemctl restart NetworkManager