Which DNS is going to be used if I have different DNSs set in KDE's Network Manager for Wi-Fi and VPN connection?


When using VPN it uses VPN dns servers when using no VPN it is using that dns server

This depends on your configuration:

resolvectl status --no-pager

There must be a link with the flag +DefaultRoute.
See the Current DNS Server on that link.

You can also verify the link for each specific reply:

resolvectl query example.org

Also pay attention to the split DNS settings:
systemd-resolved: introduction to split DNS - Fedora Magazine


Ok, seems to be Wi-Fi’s DNS. What does “-DNSOverTLS” mean? It’s supposed to be DNS over HTTPS. Are my quesries even encrypted?

systemd-resolved only supports plain DNS and DoT, not DoH.
The leading dash means that DoT is disabled on that link.

If you actually need DoH, enable it in the browser settings.
Or configure it globally with a service like dnscrypt-proxy.

See also:
How do I use a DNS-over-HTTPS as the default DNS server system-wide (not on per-connection basis)? - #5 by vgaetera

Are there any plans to make it support them? I am surprised that such a simple security mechanism isn’t yet implemented and deployed to all the users’ PCs by default (making regular people go through the trouble of setting it up) :upside_down_face: