Some DNS options you can use, on top of a VPN.
Whatever you do: do NOT use the standard/default DNS servers from your ISP. And do not use the 'big names' like google's 8.8.8.8 and the likes like cloudflare and such (in this case, you give away your lookups data to your ISP ànd these tech companies)
I'm not saying these options are THE solution (it's not) but it helps to make it a little les easy for your govenement to spy on you or your ISP to data-mine.