Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
CollabraIT
New Contributor

L2TP/IPsec VPN, DNS settings

How do I get the VPN to use an internal DNS server?

I'm doing the initial setup on my FortiWifi 90D, switching from Cisco ASA so everything is quite different. I'm trying to get our VPN up and running. I went through the Windows Native remote access VPN setup, and I'm able to successfully login remotely. The problem is, by default the VPN pulls the FortiGate system DNS settings. I have those configured to point externally. Eventually I want to have the FortiGate act as the primary DHCP/DNS/NTP for all the networks behind it, so I'd rather not change the system DNS to point internally, and have an internal server go out for DNS. It's an option, but I'd rather not. I'm DEFINITELY not going to do the DNS translation feature that publishes internal addresses externally.

It seems to me that the best and most obvious option is to statically set the DNS in the tunnel options. Anytime I attempt to convert the VPN to custom through the gui, I get the error "-1 invalid length of value" once I go to save the new settings. Even when I undo the changes, I still get the same error, so the gui seems broken for this. No problem, the CLI is logical and easy to use. I go into the config for my phase1-interface, edit the VPN, set mode-cfg on, set dns-mode to manual, and configure my ipv4 dns servers (no ipv6). Then I end, and test the VPN. It's still pulling the system DNS. So I think, maybe since I've enabled the mode-cfg I need to manually add the rest of the ipv4 settings as well. I go in, and set them to the addresses I'm using for the VPN logins (this is a separate local address space, i.e. if I'm tunneling into 1.1.1.0, the vpn uses 2.2.2.0 for its clients. Of course those aren't the real IPs I'm using). Still doesn't work.

What am I doing wrong? What is the recommended way to accomplish this? I've read a lot of different tech notes, KB articles, and forum posts, and they seem to show that I'm doing it right. Is it as simple as needing a reboot?

2 REPLIES
CollabraIT
New Contributor

According to the Fortinet technician that I talked to this morning, this is no longer a supported feature... It's an option in the gui, and it's an option in the cli, yet they don't support this feature. What kind of sense does this make? He said if we wanted to do this, we'd have to use the forticlient since it does support this. Forcing us to purchase an unnecessary licence to use something we're already supposed to be able to do is just bad business.

kallbrandt

Set the DNS server in the client vpn-interface with a GPO?

Richie NSE7
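One way to do what the reply above suggests from the client side, as an added example that is not from the thread or from Fortinet: pin the internal DNS server on the Windows native L2TP/IPsec VPN interface with PowerShell, which a GPO can push as a logon or startup script. The VPN connection name, the internal DNS server address and the DNS suffix are placeholders you would substitute; the script assumes the tunnel is already up, because the RAS interface only exists while connected.

```powershell
# Added example (not from the thread): pin an internal DNS server on the
# Windows native L2TP/IPsec VPN interface from the client side.
# The connection name, DNS server and suffix below are assumed placeholders.
# The RAS interface only exists while the tunnel is up, so run this after
# connecting (e.g. as a GPO logon/startup script or a scheduled task).
param(
    [string]$VpnName   = "Corp L2TP",        # VPN connection name (assumed)
    [string[]]$DnsList = @("10.10.10.10"),   # internal DNS server(s) (assumed)
    [string]$Suffix    = "corp.example"      # internal DNS suffix (assumed)
)

$iface = Get-NetIPInterface -InterfaceAlias $VpnName -AddressFamily IPv4 -ErrorAction SilentlyContinue
if (-not $iface) {
    Write-Error "Interface '$VpnName' not found; connect the VPN first."
    exit 1
}

# Replace whatever DNS the tunnel handed out (by default the FortiGate system DNS)
Set-DnsClientServerAddress -InterfaceAlias $VpnName -ServerAddresses $DnsList

# Append the internal suffix so short names resolve over the tunnel, and do not
# register the tunnel address in DNS from this connection
Set-DnsClient -InterfaceAlias $VpnName -ConnectionSpecificSuffix $Suffix -RegisterThisConnectionsAddress $false

# A low metric makes the resolver prefer the tunnel's servers over the LAN/Wi-Fi
# adapter's servers, which otherwise win and send internal lookups out externally
Set-NetIPInterface -InterfaceAlias $VpnName -AddressFamily IPv4 -InterfaceMetric 5

# Verify: the configured server is now listed and answers an internal name
$cfg = Get-DnsClientServerAddress -InterfaceAlias $VpnName -AddressFamily IPv4
"DNS on ${VpnName}: $($cfg.ServerAddresses -join ', ')"
Resolve-DnsName -Name "intranet.$Suffix" -Server $DnsList[0] -ErrorAction Stop |
    Select-Object Name, IPAddress
```

The metric change matters as much as the server list: if the physical adapter keeps a lower metric, Windows will still prefer its DNS servers and internal names leak to the external resolver.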