Makes no sense to me to configure "Accept DNS configuration" on the OpenVPN client w/ anything but Disabled if you're already configured to use DoT on the WAN. With DoT, all your clients, whether bound to the VPN or WAN, are accessing DNS securely over the WAN. Anything the VPN provider might offer in terms of DNS servers is superfluous.
Now if you're really paranoid and don't even want the ISP to know you're using DoT, you could bind the DoT servers to the OpenVPN client as well using the VPN Director. But I personally believe it's overkill.
All that said, I suppose there is one exception; if the DNS server(s) of the VPN provider are offering special services, such as the ability to circumvent region blocking by streaming content providers. But in that case, the *only* configuration that will guarantee no DNS leaks is Exclusive. Anything else combines the DNS server(s) of the WAN w/ those of the VPN provider, eventually leading to use of the WAN's DNS servers and DNS leaks (assuming the WAN is NOT configured w/ DoT).
Finally, as I tell everyone, you should use the DNS monitor to verify exactly what DNS servers you're actively using, and where they are being routed.
The following script allows for real-time monitoring of DNS on the router for the purposes of knowing what DNS servers are in use, and which network interfaces are being used. https://pastebin.com/AGNF8cC8 Overview One of the most difficult aspects of the router for users is managing DNS. DNS...
www.snbforums.com
Why? Because you can't rely solely on these online leaktest tools. You need to know what's happening on the router *before* your DNS queries make it upstream to any public DNS servers. If you determine all is well on the router, but find out these online leaktest tools are still reporting leaks, you know it's NOT due to the DNS configuration on the router.