I used the default secure Quad9 DNS (9.9.9.9) defined in /e/OS until last week.
Even if it’s a really good public DNS resolver (performance, security, privacy), I had a little problem.
When using my VPN app, I noticed I had a DNS leak to… 9.9.9.9 which is logical.
So, to stop the DNS leak, I had to stop using the /e/OS secure DNS for my usual Web browsing.
Doing so gave the VPN app the opportunity to use its own secure DNS, stopping the DNS leak outside my VPN provider.
So, be careful when using a VPN with a forced DNS defined in the OS, browser, etc…
Interesting.
I assume you untoggled the “Use Network DNS” setting and defined the Quad9 there before you started using the VPN?
I never realized this is possible, I may use that for mobile surfing.
In my LAN I set it to the Quad9 DNS via DHCP option anyways.
Sidenote, the Huawei stock ROM does this by default, ignoring the network DNS and using a prespecified one. This is an issue as it bypasses some otherwise reliable blocking possibilities like PiHole.
It can’t even be toggled off.