DNS (Domain Name System) is the protocol that translates domain names into IP addresses.
To have LAN-only DNS names (e.g. on a home network) you need a DNS server of your own. The existing DHCP server should hand out its address as the resolver, otherwise the local (private, non-public) names will not resolve on clients. The DNS server in turn forwards requests for external names to some other resolver.
DNS leaks occur when your computer keeps using the wrong DNS servers (usually the ISP defaults) while connected to a VPN. This is a privacy threat: the queries reveal which names you look up, which effectively negates the benefit the VPN provides.
You can test for a DNS leak here: https://www.dnsleaktest.com/
Note that this usually affects only Windows boxes. @research need more info here
ISPs can also employ transparent DNS proxies that bypass your explicit DNS configuration, so that a DNS request only ever reaches the ISP's server and not the resolver you chose.
When using OpenVPN, you can usually fix a DNS leak by adding block-outside-dns to the config file of the VPN server you're connecting to. This makes your system reject DNS traffic on any network adapter other than the VPN tunnel.
On Linux this option has no effect (it is implemented only in the Windows client).
Your ISP may rewrite your DNS requests so that they go to its own servers, or to something like OpenDNS.
To get around this, you can run unbound and have it forward queries upstream with DNS-over-TLS (DoT), so the requests are encrypted and a transparent proxy cannot read or redirect them.
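Putting the two pieces together (the LAN-only names from above and the DoT forwarding just described), here is an added unbound configuration that is not from the original notes; the home.lan zone, the 192.168.1.0/24 addresses and the choice of upstream resolvers are assumptions.

```conf
# Added example: unbound serving a private LAN zone and forwarding everything
# else over DNS-over-TLS. Zone name, addresses and upstreams are assumptions.
server:
    interface: 192.168.1.1              # the address DHCP hands out as the DNS server
    port: 53
    access-control: 192.168.1.0/24 allow
    access-control: 127.0.0.0/8 allow
    access-control: 0.0.0.0/0 refuse    # never act as an open resolver

    # LAN-only zone: answered from local-data, never forwarded upstream.
    # "static" means names missing from local-data get NXDOMAIN instead of leaking out.
    local-zone: "home.lan." static
    local-data: "nas.home.lan.     A 192.168.1.10"
    local-data: "printer.home.lan. A 192.168.1.20"
    # Matching PTR records so reverse lookups of LAN hosts work too.
    local-data-ptr: "192.168.1.10 nas.home.lan"
    local-data-ptr: "192.168.1.20 printer.home.lan"

    # CA bundle used to verify the upstream resolver's TLS certificate.
    tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt

# Everything not in the local zone goes upstream, encrypted.
forward-zone:
    name: "."
    forward-tls-upstream: yes
    # The weak setting would be plain UDP/53 forwarding, e.g.
    #   forward-addr: 9.9.9.9
    # which a transparent proxy can intercept. With DoT the port is 853 and the
    # name after '#' is checked against the server certificate, so an
    # impersonating proxy fails TLS verification instead of answering.
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
```

The `#authname` suffix on forward-addr requires an unbound version that supports certificate name verification; check with unbound-checkconf before reloading.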
Common record types:
A      IPv4 address
AAAA   IPv6 address
PTR    hostname for an IP address; the reverse of an A/AAAA record
NS     authoritative DNS name server for the zone
SOA    start of authority: metadata about the zone
CNAME  hostname alias
MX     mail exchanger (SMTP server) for the domain
Specify which CAs are allowed to issue certificates for your domains with CAA records.
SSLMate's CAA record generator can be used for this, see https://sslmate.com/caa/
Example (two separate records for the same name; the iodef one tells CAs where to report policy violations):
ctq.ro. CAA 0 issue "letsencrypt.org"
ctq.ro. CAA 0 iodef "mailto:bofh@ctq.ro"
deSEC offers free DNS hosting for your domains: https://desec.io/signup