The best way to prevent a DNS leak is to use a modern VPN client that includes built-in DNS leak protection. Most reputable VPN providers now include this feature by default, which forcibly routes all DNS requests through the VPN tunnel regardless of operating system configuration.
If you aren't using a VPN, or if your VPN client doesn't offer protection, you can change your system's default DNS servers to a secure, privacy-respecting provider. Good choices include: