DNS leak
A DNS leak is a security flaw in which DNS requests are sent to the internet service provider's DNS servers (or otherwise outside the tunnel) despite the use of a VPN service intended to conceal them. Because DNS queries name the hosts being contacted, the leak lets the ISP, as well as any on-path eavesdropper between the computer and that resolver, see which websites the user is visiting even though the page traffic itself stays inside the VPN.
It most commonly occurs with certain VPN configurations, e.g. "split-tunnel" VPNs, where some traffic is still sent over the local network interface even when the VPN is active; operating-system resolver behaviour can cause it as well, as in the Windows case below.
Windows
Starting with Windows 8, Microsoft introduced "Smart Multi-Homed Name Resolution" (SMHNR). This changed how Windows handles DNS requests: a query may be sent over all available network interfaces in parallel, and the first answer received is used. While there is general consensus that this shortened DNS lookup times, it also exposed VPN users to DNS leaks when connected to a VPN endpoint, because the computer no longer used only the DNS servers assigned by the VPN service. Instead the request was sent through every interface, so DNS traffic travelled outside the VPN tunnel to the user's default (typically ISP-assigned) DNS servers. The behaviour can be turned off with the "Turn off smart multi-homed name resolution" Group Policy setting under Computer Configuration > Administrative Templates > Network > DNS Client.
Prevention
- Encrypting DNS requests with DNS over HTTPS (DoH) or DNS over TLS (DoT), which prevents the requests from being read by on-path eavesdroppers. The operator of the DoH/DoT resolver still sees the queries, so this protects the path rather than changing which party answers.
- Using a VPN client which sends all DNS requests over the VPN tunnel. This is far from universal: a study of 283 VPN applications on the Google Play Store found that 84% leak DNS requests.
- Configuring every network adapter on the local computer to use the VPN's DNS servers (or another trusted resolver), so that no adapter can fall back to the ISP's resolver. Third-party tools such as NirSoft QuickSetDNS can apply such settings quickly.
- Using an anonymising browser such as Tor Browser, which resolves names through the Tor network (the exit relay performs the lookup), so no DNS server needs to be configured on the operating system and the OS resolver is never consulted for sites visited in the browser.
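The following PowerShell script is an added example, not part of the original article, that puts the Windows section and the "configure every adapter" prevention item above into practice: it disables Smart Multi-Homed Name Resolution through the registry values the corresponding Group Policy sets, audits the resolvers configured on every connected adapter, and pins the non-VPN adapters to the VPN's resolver. The VPN adapter alias (`MyVPN`) and resolver address (`10.8.0.1`) are placeholders and must be replaced with the values your VPN client uses. Run it from an elevated PowerShell session.

```powershell
# Added example (not from the original article): audit and harden the Windows
# DNS client against DNS leaks. Requires an elevated (Administrator) session.
$VpnAdapterAlias = 'MyVPN'        # assumption: alias of the VPN's virtual adapter
$VpnResolvers    = @('10.8.0.1')  # assumption: resolver(s) pushed by the VPN

# 1. Disable Smart Multi-Homed Name Resolution. These are the registry values
#    written by the "Turn off smart multi-homed name resolution" Group Policy;
#    DisableParallelAandAAAA additionally stops parallel A/AAAA queries being
#    fired out of every interface at once.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
New-Item -Path $policyKey -Force | Out-Null
Set-ItemProperty -Path $policyKey -Name 'DisableSmartNameResolution' -Type DWord -Value 1
$svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'
Set-ItemProperty -Path $svcKey -Name 'DisableParallelAandAAAA' -Type DWord -Value 1

# 2. Show the IPv4 resolvers on every adapter that is up and collect the
#    adapters that could answer a query outside the tunnel.
$leakCandidates = @()
foreach ($adapter in Get-NetAdapter | Where-Object Status -eq 'Up') {
    $dns = (Get-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex `
                -AddressFamily IPv4).ServerAddresses
    $outside = $dns | Where-Object { $VpnResolvers -notcontains $_ }
    '{0,-30} {1}' -f $adapter.Name, ($dns -join ', ')
    if ($adapter.Name -ne $VpnAdapterAlias -and $outside) {
        $leakCandidates += $adapter
    }
}

# 3. Pin the remaining adapters to the VPN resolver. A query that still goes
#    out of a physical adapter is then addressed to the tunnel resolver, not the
#    ISP's, so it fails instead of leaking if the tunnel is down (fail closed).
foreach ($adapter in $leakCandidates) {
    Set-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex -ServerAddresses $VpnResolvers
}

# 4. Verify: with the cache cleared, an ordinary lookup must now be answered by
#    the VPN resolver. Compare with a capture on the physical adapter if in doubt.
Clear-DnsClientCache
Resolve-DnsName -Name example.com -Type A -DnsOnly | Select-Object Name, IPAddress
```

Step 3 deliberately makes name resolution depend on the tunnel; when the VPN is disconnected, restore DHCP-assigned resolvers on an adapter with `Set-DnsClientServerAddress -InterfaceIndex <index> -ResetServerAddresses`. The registry changes in step 1 take effect after the DNS Client service restarts or the machine reboots, and they do not by themselves stop a split-tunnel client from routing DNS out of the tunnel, which is why the per-adapter pinning is also needed.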