If the firewall cant reach the LAN, either because of a firewall rule or bad routing, it will not be able to access the DNS server even if it works well for the rest of the LAN. I'm assuming that the rest of the LAN talks to the DNS server directly and not through the firewall.
It sounds like you would benefit from reading a bit about how routing and gateways work, as it seems like you're mostly trying stuff without really knowing what it does. Please save yourself some sanity and make some proper planning on your different subnets, their vlans and how they should route their traffic, ideally in a diagram of some sort.
Without knowing your exact setup I'm getting a feeling that your current configuration is both overly permissive and overly restrictive, meaning you cant access the things you want but any potential attackers can probably get around just fine.
I would seriously consider tearing it down and starting over with a more cohesive plan, but I know that might not be possible for you time-wise. On the other hand, having a well planned network that you understand would almost certainly save you time in the long run, especially if you want to keep doing more advanced and unorthodox stuff to it.
Okay, I think I know (at least one of) the problem(s).
It is sending the ping from the WLAN interface because that is your default route, and you either don't have a route specified for your 10.2.x.x network or you're overwriting it with a different route (I'm guessing the first option).
E.g. you need to tell your firewall "if you want to reach an ip-address in 10.2.x.x you need to go through here", with "here" probably being either your managed switch if it works as a gateway (10.6.1.254?) or an interface on your router if it works as a switch (10.6.1.41?).