VPN and private DNS for adblocking

I just bought a 2-year subscription with NordVPN, mainly for circumventing geolocking on streaming sites. But I thought that since I now have it, I might as well use it all the time on my phone for extra protection.

But after reading up on it I’m a bit hesitant. I’ve been using NextDNS for system-wide ad and tracker blocking. I would like to continue doing so since it gives me more control over what gets sent out from my phone. As I understand, using a private DNS with a separate VPN provider makes you stand out more. In that case it might just defeat the purpose.

So my question is how to approach this. My threat model mainly concerns surveillance capitalism. Should I use a VPN or DNS? Or could I use both? I’m not so worried about my ISP since they’re very privacy conscious, though my mobile service provider is not.

Also is there a way to use NextDNS, or other DNS filtering service, with NordVPN without DNS leak? Pi-hole is not an option at the moment.

Thanks for any input!

(I’m on a Pixel 7 with GrapheneOS if that matters)

Use NextDNS with the Private DNS feature on GrapheneOS. You can test for DNS leaks on these websites: dnsleaktest.com, dnsleak.com

I have been using NextDNS with my VPN for the past year and my DNS has never leaked.

Is it even possible to not get a leak when using DoT with a DNS server other than the VPN’s own servers?

I switched to ProtonVPN today and when using NextDNS on top of it (through GrapheneOS private DNS settings) I always get a leak with www.dnsleaktest.com along with other sites as well.