I guess scutil --dns shows some DNS servers before the one that was added by VPN.
If the first DNS server respond with "record not found" then I think the host will not send the request to the remaining DNS server. It will only send to the second if the first doesn't respond at all (DNS server down).
We tried different versions of Forticlients 188.8.131.520, 7.0.7.0245 and 7.2.0.0655 and none of them was working.
Tried to erase all data and settings. Tried to downgrade macOS to Catalina (10.15.7) and it worked, then upgraded to Monterey 12.6.5 and it was working. When upgraded to Ventura 13.3.1 DNS was no longer resolving hostnames.
Seems like issues is macOS version related (macOS Ventura) and hostnames cannot be resolved.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.