This is really simple, don't make it difficult.

DNS doesn't use HTTPS (port 443) or your VPN. It runs over a separate unencrypted channel.

DNS typically uses a high-numbered UDP port to send and UDP port 53 to receive. However, it can also use TCP under certain circumstances.

If someone is sniffing, they can see all the information in the packet... which includes who is asking, where it's asking and what it's asking about in plain text.

