Typical causes are operating-system resolvers that ignore the tunnel configuration, IPv6 requests escaping an IPv4-only tunnel, and captive portals that inject their own resolver. The result is a hostname-by-hostname log at a resolver the setup was meant to bypass.
Leak-test pages show which resolver answers during a session, and VPN clients differ in whether they force DNS inside the tunnel. The setup guides linked here include the checks.