use DNS with DoT (dns over tls) or DoH (dns over https)
This is critical because the most people use a DNS with their own ISP.
The DNS can leak their true location.
Your vpn solution is not complete without DNS encryption.
And please don't forget Linux not just Windows, Apple or Google.
You're maybe right, I'm not a expert too.
But ProtonVPN, at my point of view, use a end-to-end encryption for their DNS and without TLS encryption (just for DNS).
The TLS encryption require a third-party.
I suppose if the DNS are not secure, the stream of internet can be reading and tracking at the point A to the point B.
It's maybe an error, if you are more information, please tell me.
If people use a DNS with their own ISP and ProtonVPN they will just use Proton's DNS as soon as they use the VPN and that doesn't leak, since all traffic is protected.
It is a different story when you set a custom DNS server for ProtonVPN and the DNS traffic is forwarded to that custom DNS server. Here DoH or DoT would have to be used to avoid a leak, but tbh. even that DNS leak should just point to your VPN location (not an expert though, so not sure).