The problem is going to be though, how can you control what DNS server is used for each service?
I guess if you use Unbound in full recursion mode and ensure you route the authoritative nameservers for each service out the appropriate VPN you might get this to work. But otherwise Netflix USA are going to see DNS requests coming from a NZ IP address etc.
Isn't it possible to have a static diversion route that will divert all URLs in http://asn.blawk.net/9901 for Neontv? Hmmm ... I guess that is the same the firewall rules are trying to accomplish...
Can one assign different "sets" of DNS to different gateways?
I did contact NeonTV to tell them about this issue. They will look into it... or so they said.
No, you can't assign different DNS to different gateways. The DNS server used is something the client picks.
You can use the Unbound DNS server in pfSense to "walk the DNS tree" instead of asking your local ISP's nameserver (or Google's etc). This is slower, but it would allow you to route your requests for DNS out various gateways. When you look up .com you get told to talk to netflix.com, and when you go to talk to netflix.com's nameservers, you'd have a route in the table for their nameservers that goes out your VPN-US server. Probably covered by the routing you already have in place for their netblocks.
But yes, this is where it'll get tricky. You can't just send all your requests to your ISP, or to an overseas server, unless it is doing some clever lookup stuff for you already (maybe some of them do).
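An added illustration of the "walk the DNS tree" idea, not code from this thread: with a constructed toy delegation tree and made-up policy-routed netblocks, it lists which nameserver IPs a full-recursion resolver would contact for a name and which gateway each would leave through, so you can check whether a service's authoritative servers are already covered by the VPN routes. The gateway names, zone names and all addresses are assumptions (documentation ranges, not any provider's real allocations).

```python
import ipaddress

# Constructed example: netblocks already policy-routed out each VPN gateway.
ROUTED_NETBLOCKS = {
    "VPN-US": ["198.51.100.0/24"],
    "VPN-NZ": ["203.0.113.0/24"],
}

# Constructed toy delegation tree standing in for the real DNS hierarchy:
# zone name -> {nameserver hostname: nameserver IP}.
ZONES = {
    ".": {"a.root.example.": "192.0.2.1"},
    "com.": {"a.gtld.example.": "192.0.2.53"},
    "netflix.com.": {"ns1.nflx.example.": "198.51.100.10",
                     "ns2.nflx.example.": "198.51.100.11"},
    "example.": {"a.tld.example.": "192.0.2.77"},
    "neontv.example.": {"ns1.neon.example.": "203.0.113.20"},
}


def gateway_for(ip):
    """Longest-prefix match of a nameserver IP against the routed netblocks."""
    addr = ipaddress.ip_address(ip)
    best = ("default (ISP)", -1)
    for gw, nets in ROUTED_NETBLOCKS.items():
        for net in map(ipaddress.ip_network, nets):
            if addr in net and net.prefixlen > best[1]:
                best = (gw, net.prefixlen)
    return best[0]


def walk(qname):
    """Zones a recursive resolver contacts for qname, root first, with every
    NS IP of each zone (the resolver may pick any, so all need a route)."""
    labels = [l for l in qname.rstrip(".").split(".") if l]
    chain, zone = ["."], ""
    for label in reversed(labels):
        zone = f"{label}.{zone}" if zone else f"{label}."
        if zone in ZONES:
            chain.append(zone)
    return [(z, ip) for z in chain for ip in ZONES[z].values()]


def dns_path(qname):
    """(zone, nameserver IP, gateway) for each hop of the recursive lookup."""
    return [(zone, ip, gateway_for(ip)) for zone, ip in walk(qname)]


def uncovered(qname, wanted_gateway):
    """NS IPs of the service's own zone that would NOT leave via wanted_gateway."""
    leaf = walk(qname)[-1][0]
    return [ip for z, ip, gw in dns_path(qname) if z == leaf and gw != wanted_gateway]
```

Run `dns_path("www.netflix.com.")` to see the root and .com servers leaving via the ISP while the service's own nameservers go out VPN-US; a non-empty `uncovered(...)` result is a nameserver netblock still missing a policy route.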