I used the default secure Quad9 DNS (184.108.40.206) define in /e/OS until last week.
Even if it’s a really good public DNS resolver (performance, security, privacy), I had a little problem.
When using my VPN app, I noticed I had a DNS leak to… 220.127.116.11 which is logical.
So, to stop the DNS leak, I had to stop using the /e/OS secure DNS for my usual Web browsing.
Doing it, gave the VPN app the opportunity to use its own secure DNS, stopping the DNS leak outside my VPN provider.
So, be careful when using a VPN with a forced DNS define in the OS, browser,etc…