Domain Name System

How to set the first DNS server issued by DHCP on OS X?

There is a server on which there is strongswan, bind9, isc-dhcp-server.
/etc/ipsec.conf

config setup

conn %default

    dpdaction=clear
    dpddelay=35s
    dpdtimeout=2000s

    keyexchange=ikev2
    auto=add
    rekey=no
    reauth=no
    fragmentation=yes

    # 
    left=%any
    leftsubnet=10.10.10.0/24
    leftcert=vpn.site.com.crt
    leftsendcert=always

    #
    right=%any
    rightsourceip=%dhcp
    eap_identity=%identity

conn ikev2-mschapv2
    rightauth=eap-mschapv2

conn ikev2-mschapv2-apple
    rightauth=eap-mschapv2
    leftid=vpn.site.com

/etc/strongswan.d/charon/dhcp.conf:

dhcp {
    force_server_address = yes
    interface = vmbr1
    load = yes
    server = 10.10.10.255
}

The problem is that when connecting to a VPN, the DNS server issued by DHCP becomes the second one:
$ scutil --dns

NS configuration (for scoped queries)

resolver #1
  nameserver[0] : 192.168.1.1
  if_index : 4 (en0)
  flags    : Scoped, Request A records
Reachable, Directly Reachable Address

resolver #2
  nameserver[0] : 10.10.10.1
  if_index : 12 (ipsec0)
  flags    : Scoped, Request A records
Reachable, Transient Connection, Connection Required, Automatic Connection On Demand

resolver #1 - taken from the first connection (Wi-Fi).
You cannot drag a VPN connection in the network settings.
Is it possible to make it so that it would become the first, or even be the only one?