DNS over HTTPS

Because there is no data on how many people use Mullvad Browser with Proton VPN, and how many of those have which DNS settings selected, you just have to make the decision you think is best for you.

I would stick to one provider and turn the browser’s DNS off when using a VPN.

If being fingerprinted this way is a problem, your only other option would be using the Tor Browser.


@team

Following this topic, I believe a note should be added regarding the fact that if you use Mullvad Browser with a VPN, with the settings set to max protection, there could be a DNS leak.

Maybe even change the recommendation for everyone to change the DNS settings to default Protection.


I don’t think DNS would leak. The browser will still use its DNS or your VPNs. How is that a DNS leak?

I’m not the expert here, but please see this topic:

I guess we’re thinking of “leak” here differently but overall agree that your VPN’s DNS should be the only one used.

Now I understand your question a little better. I think what you’re looking for is an additional layer of protection, even though the connection is still routed through a VPN (with its private DNS).

So yes, you can leave it enabled because the connection is routed through your private VPN. There’s no problem, but I recommend another type of more robust protection layer, such as TOR.

From my understanding, this would potentially create a leak and you should not do that.

See this topic:

I already put mine to default protection.


In theory, no, because it’s behind a VPN. Correct me if I’m wrong. You also have to consider that you have to trust your VPN provider, and nowadays I would only trust Mullvad or AirVPN.


I’m convinced now you have to either put it to off or default protection.

From the topic I linked:

I am writing this to suggest that PrivacyGuides not recommend using the Secure DNS / DNS over HTTPS feature on the browser recommendation and configuration page. The reason is that this feature causes DNS leaks when using a VPN.

There is also the fact that all three VPNs recommended by Privacy Guides [Mullvad, ProtonVPN, and IVPN (page hosted by IVPN)] specifically recommend not using this feature.

Mullvad:

Firefox on desktop

To turn off DNS over HTTPS follow these steps:

  1. Click on the menu button and select Settings.
  2. Click on Privacy & Security in the left column.
  3. Scroll down to the bottom. Under Enable secure DNS, click on Off.

Portmaster

Portmaster hijacks DNS queries. Try to uninstall that.

Browser extensions

If you have installed a browser extension that can change the DNS, for example CIRA Canadian Shield, then turn that off.

Proton:

We therefore strongly recommend against using DoH (and the similar DNS over TLS standard) with Proton VPN. When using our apps, all DNS queries are sent through the VPN connection to our servers, and are thus securely encrypted without the need for DoH or DoT.

IVPN:

Mozilla Firefox

Select the menu button and go to Settings.
In the Privacy & Security menu, scroll down to the Enable secure DNS using: section.
Choose Off.

My only remaining question is about router settings, which don’t seem to be covered in the three links from Mullvad/Proton/IVPN.

Could anyone answer this? If I want to configure DNS like NextDNS or 1.1.1.1 on my router, am I susceptible to a DNS leak as well?

I’m always using a VPN, but some people in my household don’t want to (working on that :sweat_smile:). So I at least changed my DNS on my router, but would that give me a DNS leak risk?

DNS resolution requests can be used to fingerprint users. One such demo: http://dnscookie.com/

If browsers handle DNS, then DNS technically IS part of the browser fingerprint… though, just not during / after the webpage rendering / JS execution phase.

(logged in again to respond since you tagged me long back) If Firefox / Mullvad’s browser use the VPN to send requests to the DoH endpoint (which I think is what they’ll do), I don’t think you have to worry too much about the perceived “exposure” even if there’s a “DNS leak” (DNS resolved by an external endpoint and not VPN’s own DNS).


Thanks! :slight_smile:

If Firefox / Mullvad’s browser use the VPN to send requests to the DoH endpoint (which I think is what they’ll do), I don’t think you have to worry too much about the perceived “exposure” even if there’s a “DNS leak” (DNS resolved by an external endpoint and not VPN’s own DNS).

ELI5? :sweat_smile: :rofl:

Not quite ELI5, but:

As far as using in-browser DNS with a VPN is concerned, it is okay to do so, as our concern of “standing out from the crowd” (by not using the VPN’s DNS) is side-stepped by the fact that the browser will relay DNS over the VPN, just like it does with HTTP. And so, the IP won’t leak.

Btw, the above is also true for Private DNS as implemented in AOSP 10+, which routes all DNS requests over a VPN, if set up.

But, I guess your concern is similar to (from the GrapheneOS FAQ):

Apps and web sites can detect the configured DNS servers by generating random subdomains resolved by querying their authoritative DNS server. This can be used as part of fingerprinting users. If you’re using a VPN, you should consider using the standard DNS service provided by the VPN service to avoid standing out from other users.

This specific fingerprinting (which I don’t think is widely deployed) will work (in that, it’ll expose to remote that you are one of those who use XYZ DNS with ABC VPN), but if the browser is sending a DNS request, it is most likely the webpage we’ve visited is requesting it (in which case, the webpage already has way more fingerprints than what this DNS fingerprint might expose to the remote server).

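The GrapheneOS FAQ passage above describes the mechanism behind sites like dnsleaktest.com: a random subdomain of a domain the tester controls is resolved, and the tester’s authoritative server records which resolver IP asked for it. The following is an added example (not from the thread or from any of the projects named here) showing how one can check their own setup the same way from the defender’s side: it parses a constructed, BIND-style query log from a hypothetical authoritative server and reports whether the resolver that showed up belongs to the VPN provider’s range or to some other resolver (the “standing out” case). The log lines, the zone `leaktest.example`, the VPN resolver range and the tokens are all constructed assumptions.

```python
import ipaddress
import re

# Constructed authoritative-server query log (BIND "query" log style); not real traffic.
# Each leak-test session resolves <random-token>.<zone>, so the token identifies the session.
QUERY_LOG = """\
client 10.8.0.53#41532: query: a1b2c3.leaktest.example IN A
client 203.0.113.7#5353: query: d4e5f6.leaktest.example IN A
client 10.8.0.53#41533: query: g7h8i9.leaktest.example IN AAAA
"""

# Assumption: the VPN provider's resolvers egress from this range (constructed value).
VPN_RESOLVERS = ipaddress.ip_network("10.8.0.0/24")
TEST_ZONE = "leaktest.example"

# "client <ip>#<port>: query: <name> IN <type>"; names may carry a trailing dot.
LINE_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: query: (?P<name>\S+) IN (?P<rtype>\S+)"
)


def resolvers_for_token(log: str, token: str) -> set:
    """Return the set of resolver IPs that asked the authoritative server for token.<zone>."""
    wanted = f"{token}.{TEST_ZONE}".lower()
    seen = set()
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group("name").lower().rstrip(".") == wanted:
            seen.add(m.group("ip"))
    return seen


def classify(log: str, token: str) -> str:
    """Classify one test session.

    'vpn-dns'  : every resolver seen is in the VPN provider's range (expected).
    'leak'     : at least one other resolver asked, i.e. the browser/OS used its own DNS.
    'no-query' : the token never reached the authoritative server (blocked or cached),
                 which is a test failure, not evidence of a leak.
    """
    ips = resolvers_for_token(log, token)
    if not ips:
        return "no-query"
    if all(ipaddress.ip_address(ip) in VPN_RESOLVERS for ip in ips):
        return "vpn-dns"
    return "leak"
```

Note that with browser DoH relayed over the VPN, the authoritative server sees the DoH provider’s egress address rather than yours, so a “leak” result here only reveals which resolver you chose, which is exactly the fingerprinting signal the FAQ describes.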

Yet another example why I don’t agree with this site’s policy on AI. Pinging @jonah

Because of it, I had to chat on pm with ignoramous answering questions that many seem to have.

The conclusion to this post is that DNS on a browser should be disabled when you’re using a VPN at all times (with kill-switch on for instance).


Having read this entire thread I am still somewhat puzzled. Can someone please clarify: if one is using a VPN, do you still need to use DNS over HTTPS?

If one is using a VPN is it pointless to have 1.1.1.1 set at the router level?

Your VPN comes with a DNS resolver of its own, so it is normally recommended to always default to it. You don’t need an additional or custom DNS setting in your browser, for example. You will still have DNS over HTTPS via your VPN.

Yeah, don’t do this (unless you really want to keep using Cloudflare for some reason).

Thanks for clarifying everything above. BTW if one uses Cloudflare as per the description above at the router level, does that result in a DNS leak?

If you know you’re using Cloudflare, and check for DNS leaks at dnsleaktest.com, it should not show another DNS as your resolver (other than Cloudflare). If this is the case, no DNS leak. If not, there is DNS leak.

But I have never used DNS settings of my router as I like to have that on the device level but you can test it out and see for yourself. Experimenting with low risk things like this also teaches you a lot (I only say that assuming you’re new to this stuff given your valid questions).

And if you are using it at the router level, make sure your browser is not using a custom DNS either, otherwise it will use the browser’s DNS preference you set and will disregard Cloudflare from your router (which is my understanding of how this works).

Thank you for confirming my point :stuck_out_tongue:

“Yet another example why I don’t agree with this site’s policy on AI.”

No. The VPN has its own DNS. If you want to be absolutely sure, enable the VPN kill switch. All traffic will go through your VPN’s DNS. Disable your browser’s DNS (or set it to default and it will use your VPN’s DNS).

Yes. Unless there are other people in your household who don’t use a VPN, for instance.

That’s where Lumo’s answer is the best and I couldn’t rewrite it better myself. Complain to the team to have the reply unhidden.