Would someone be able to clarify something for me? Two questions:
1.) I guess for each interface (VLAN) I have to change this to 'Specify' and put in my FG IP address as the DNS server. However, does this replace the DNS settings I've configured in the FG, or is it applied in addition?
The DNS database will not override the actual system DNS. You can actually see it as a recursive DNS database. As soon as you configure the FGT as a DNS server, you can specify that all requests will be forwarded to the configured system DNS, or you can specify a recursive lookup. In the case of a recursive lookup, all requests will be sent to the system DNS apart from the configured DNS suffixes in the database. This means all requests for the internal domain "something.local" will be handled by the FGT, while all other requests will be forwarded to the system DNS.
[Configured DNS Database for something.local]
Based on that information, you would need to specify the FGT as the DNS server for each VLAN where you need recursive lookup.
For the question on VPN:
For IPsec and SSL VPN, the FortiGate cannot act as a DNS server on these virtual interfaces directly.
Instead, you would need to create a loopback interface on which the DNS service listens. In order to reach the loopback interface, you would need to create a route for the client and a firewall policy. Instead of a loopback interface, you could also do the same with the internal IP of a VLAN interface.
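The answer above, written out as a FortiOS CLI configuration; this is an added illustration, not configuration posted in the thread. It serves something.local from the DNS database, makes the VLAN interface answer in recursive mode (local zone from the database, everything else forwarded to the system DNS), and puts the DNS service on a loopback for SSL-VPN clients. The interface names vlan10 and dns-lo, the addresses 10.10.0.20 and 10.255.255.1, the hostname fileserver and the user group vpn-users are assumptions.

```fortios
# Internal zone held on the FortiGate; "shadow" view = answered for internal clients only
config system dns-database
    edit "something.local"
        set domain "something.local"
        set type master
        set view shadow
        config dns-entry
            edit 1
                set type A
                set hostname "fileserver"
                set ip 10.10.0.20
            next
        end
    next
end
# Listen on the VLAN: recursive = something.local from the database, rest to system DNS
config system dns-server
    edit "vlan10"
        set mode recursive
    next
end
# DNS cannot bind to ssl.root / IPsec tunnels, so listen on a loopback (assumed /32)
config system interface
    edit "dns-lo"
        set vdom "root"
        set type loopback
        set ip 10.255.255.1 255.255.255.255
    next
end
config system dns-server
    edit "dns-lo"
        set mode recursive
    next
end
# Hand the loopback address to SSL-VPN clients and permit only DNS from the tunnel to it
config vpn ssl settings
    set dns-server1 10.255.255.1
end
config firewall policy
    edit 0
        set srcintf "ssl.root"
        set dstintf "dns-lo"
        set srcaddr "all"
        set dstaddr "all"
        set groups "vpn-users"
        set action accept
        set schedule "always"
        set service "DNS"
    next
end
```

With a split-tunnel portal the client also needs a route to 10.255.255.1, which is the "route for the client" the answer refers to; a full-tunnel portal already covers it.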