DNS over HTTPS

Because there is no data on how many people use Mullvad Browser with Proton VPN, and how many of those have which DNS settings selected, you just have to make the decision you think is best for you.

I would stick to one provider and turn the browser’s DNS off when using a VPN.

If being fingerprinted this way is a problem, your only other option would be using the Tor Browser.

1 Like

@team

Following this topic, I believe a note should be added in that regard: if you use Mullvad Browser with a VPN with settings set to max protection, there could be a DNS leak.

Maybe even change the recommendation for everyone to change the DNS settings to default Protection.

1 Like

I don’t think DNS would leak. The browser will still use its DNS or your VPN’s. How is that a DNS leak?

I’m not the expert here, but please see this topic:

I guess we’re thinking of “leak” here differently, but overall I agree that your VPN’s DNS should be the only one used.

Now I understand your question a little better. I think what you’re looking for is an additional layer of protection, even though the connection is still routed through a VPN (with its private DNS).

So yes, you can leave it enabled because the connection is routed through your private VPN. There’s no problem, but I recommend another type of more robust protection layer, such as Tor.

From my understanding, this would potentially create a leak and you should not do that.

See this topic:

I already put mine to default protection.

2 Likes

In theory, no, because it’s behind a VPN. Correct me if I’m wrong. You also have to consider that you have to trust your VPN provider, and nowadays I would only trust Mullvad or AirVPN.

1 Like

I’m convinced now you have to either put it to off or default protection.

From the topic I linked:

I am writing this to suggest that PrivacyGuides not recommend using the Secure DNS / DNS Over HTTPS feature on the browser recommendation and configuration page. The reason for this is because this feature causes DNS Leaks when using a VPN.

There is also the fact that all three VPNs recommended by Privacy Guides [Mullvad, ProtonVPN, and IVPN (page hosted by IVPN)] all specifically recommend to not use this feature.

Mullvad:

Firefox on desktop

To turn off DNS over HTTPS follow these steps:

  1. Click on the menu button and select Settings.
  2. Click on Privacy & Security in the left column.
  3. Scroll down to the bottom. Under Enable secure DNS, click on Off.

Portmaster

Portmaster hijacks DNS queries. Try to uninstall that.

Browser extensions

If you have installed a browser extension that can change the DNS, for example CIRA Canadian Shield, then turn that off.

Proton:

We therefore strongly recommend against using DoH (and the similar DNS over TLS standard) with Proton VPN. When using our apps, all DNS queries are sent through the VPN connection to our servers, and are thus securely encrypted without the need for DoH or DoT.

IVPN:

Mozilla Firefox

  1. Select the menu button and go to Settings.
  2. In the Privacy & Security menu, scroll down to the Enable secure DNS using: section.
  3. Choose Off.

My only remaining question is about router settings, which don’t seem to be covered in the three links from Mullvad/Proton/IVPN.

Could anyone answer this? If I want to configure DNS like NextDNS or 1.1.1.1 on my router, am I susceptible to a DNS leak as well?

I’m always using a VPN, but some people in my household don’t want to (working on that :sweat_smile:). So I at least changed my DNS on my router, but would that give me a DNS leak risk?
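As an added example (not code from any post in this thread): the "Enable secure DNS" choice that the quoted Firefox steps change is stored in the profile's `prefs.js` as `network.trr.mode`, so a profile can be checked without opening the settings page. The sample prefs text and resolver URL are constructed, and the function names are hypothetical.

```python
import re

# network.trr.mode values behind the "Enable secure DNS using" radio buttons.
# uses_doh: True = browser resolves over DoH, False = system resolver only
# (the VPN's DNS while connected), None = depends on the browser build.
TRR_MODES = {
    0: ("Default Protection", None),
    2: ("Increased Protection", True),   # DoH first, falls back to system DNS
    3: ("Max Protection", True),         # DoH only, no fallback
    5: ("Off", False),
}
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

def parse_prefs(text):
    """Parse user_pref("name", value); lines; comments and junk are skipped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
    return prefs

def doh_status(prefs_text):
    """Report the secure-DNS setting recorded in a profile's prefs.js text."""
    prefs = parse_prefs(prefs_text)
    mode = prefs.get("network.trr.mode")
    if mode is None:
        # prefs.js only holds changed values; the build's default applies.
        return {"mode": None, "setting": "not set in profile", "uses_doh": None,
                "resolver": None}
    setting, uses_doh = TRR_MODES.get(mode, ("unknown/reserved value", None))
    return {"mode": mode, "setting": setting, "uses_doh": uses_doh,
            "resolver": prefs.get("network.trr.uri") if uses_doh else None}

# Constructed sample profiles (doh.example is a placeholder resolver).
SAMPLE_MAX = '''// constructed sample
user_pref("network.trr.mode", 3);
user_pref("network.trr.uri", "https://doh.example/dns-query");
'''
SAMPLE_OFF = 'user_pref("network.trr.mode", 5);\n'

if __name__ == "__main__":
    for sample in (SAMPLE_MAX, SAMPLE_OFF, ""):
        print(doh_status(sample))
```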

DNS resolution requests can be used to fingerprint users. One such demo: http://dnscookie.com/

If browsers handle DNS, then DNS technically IS part of the browser fingerprint… though, just not during / after the webpage rendering / JS execution phase.

(logged in again to respond since you tagged me long back) If Firefox / Mullvad’s browser use the VPN to send requests to the DoH endpoint (which I think is what they’ll do), I don’t think you have to worry too much about the perceived “exposure” even if there’s a “DNS leak” (DNS resolved by an external endpoint and not VPN’s own DNS).

2 Likes

Thanks! :slight_smile:

If Firefox / Mullvad’s browser use the VPN to send requests to the DoH endpoint (which I think is what they’ll do), I don’t think you have to worry too much about the perceived “exposure” even if there’s a “DNS leak” (DNS resolved by an external endpoint and not VPN’s own DNS).

ELI5? :sweat_smile: :rofl: