We configure our clients to never leak DNS (and our audits also confirm this), but if you're an expert user who is concerned, here's one way to check yourself:
If you're on macOS or OS X, go to Terminal and running the following:
sudo tcpdump port 53 (then enter your root password)
Then, leave that window open and browse the internet as usual. If Confirmed VPN is activated (connected), you should see no DNS requests in that window (the exceptions being domains you've whitelisted). When you deactivate Confirmed VPN (disconnected), you'll start seeing DNS requests in that window.
If you're on Windows 10, you can check by opening PowerShell (preferably as administrator) and running the following:
Resolve-DnsName -name whoami.ipv4.akahelp.net -QuickTimeout -Type TXT | Select -exp Strings
When Confirmed VPN is deactivated (disconnected), the command above returns the IP of the DNS server of your ISP.
When Confirmed VPN is activated (connected), the command above returns a different IP that is not your ISP's DNS server. This is Confirmed VPN's configured DNS.
If you have any further questions about this, please reach out to us at firstname.lastname@example.org. We are happy to answer your questions and address your concerns!