name-specific DNS servers

Ubuntu with systemd-resolved. Computer is connected to the internet and work VPN. Work network has its own DNS and its own private hostnames resolvable only by its DNS but not by the public internet DNS. resolv.conf has nameserver entries for both networks, internet DNS first. When I am trying to resolve a private work hostname, internet DNS is connected first, returns not found error, and the name is not resolved. Works as designed - secondary nameserver should be contacted only in case of timeout or as round-robin, but obviously not the way I need it. My question is: how can I set it up to use work DNS to resolve private hostnames and internet DNS to resolve everything else? Essentially nameserver1 should be contacted if FQDN matches a domain list and nameserver2 if it doesn't. Obviously, I can set work DNS as primary - that's the workaround I am using now, but every time VPN is disconnected and reconnected systemd changes resolv.conf order back to default with internet first, also I am not comfortable with work DNS resolving all my requests to pron sites :)