How can I override Windows 10 default DNS servers to use OpenVPN-assigned DNS servers

1

A problem has arisen with Windows 10 in that it always uses its local DNS servers (as well as VPN assigned DNS servers) for DNS resolving, which in turn leads to a DNS leakage scenario.

Details found here: (Version 2) https://forums.openvpn.net/viewtopic.php?&t=19728

It is possible, could anybody provide an example, to use a script or batch file etc, which can save the current DNS servers (those set prior to VPN connection), then remove those servers upon successful connection to a VPN and also restore those original servers upon disconnection (or loss) of the VPN connection.

The hooks I would use to execute such a script would be the OpenVPN client directives --up and --down

Many thanks

dotvotdot

Posted 2015-09-16T14:33:07.140

Reputation: 496

You could just configure your non-tunneled connections to use OpenDNS servers, and just not configure a local DNS at all. Also, remember, VPNs aren't quite TOR. They help with anonymity, but only as a side-effect; they are designed to present the illusion of being part of the remote network at Layers 2 or 3. If you really want anonymity, then half-way measures like sometimes-on VPNs just aren't strong enough. To be anonymous, you must completely segregate the operations you want to be public and those you want to be anonymous. Often a live CD is the best bet. – Frank Thomas – 2015-09-16T14:44:09.363

Not sure what device you have on the other end, but one immediate answer to your issue would be to use its firewall to block all traffic out to DNS servers that aren't assigned via OpenVPN. – Frank Thomas – 2015-09-16T15:00:29.820

Thanks for your reply, I am well aware of what a VPN is (I am the author of the link above). The problem I have is with Windows 10, which I do not have access to myself, I am trying to provide a solution to many other users of W10. I agree that F/W would suffice, in some cases, but many people would not be comfortable changing their F/W. So the problem remains. Anybody willing to share a script would be recognised as the author of a very welcome solution. – dotvotdot – 2015-09-17T16:36:38.323

I am unable to test this thoroughly, but this appears to be a possible fix.

– dotvotdot – 2015-09-23T20:31:23.377

Answers

1

At this time, OpenVPN provides a new plugin to control W10 DNS. Please see this for details.

Please notice the work that has gone into this problem with W10 DNS on the OpenVPN bug report. It shows that Microsoft have put in place steps which clearly override the user's preference.

https://community.openvpn.net/openvpn/ticket/605 [Resolved]

dotvotdot

Posted 2015-09-16T14:33:07.140

Reputation: 496
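
The firewall approach raised in the comments can be driven from the --up and --down hooks named in the question, which avoids having to save and restore per-adapter DNS settings. The PowerShell below is an added example, not part of the original thread and not OpenVPN's own plugin; the script name dns-guard.ps1, the adapter name "OpenVPN TAP" and the rule group "OpenVPN-DNS-Guard" are assumptions, and it has to run elevated.

```powershell
# dns-guard.ps1: added example, not from the original thread. Run elevated.
# Called as "dns-guard.ps1 up" from the --up hook and "dns-guard.ps1 down" from --down.
[CmdletBinding(PositionalBinding = $false)]
param(
    [Parameter(Mandatory, Position = 0)]
    [ValidateSet('up', 'down')]
    [string]$Action,

    # Assumption: the name of the OpenVPN TAP adapter on this machine.
    [string]$VpnAlias = 'OpenVPN TAP',

    # OpenVPN appends its own arguments (device, MTU, addresses, ...) to
    # up/down commands; collect them here so parameter binding does not fail.
    [Parameter(ValueFromRemainingArguments)]
    [string[]]$Rest
)

# Hypothetical tag that lets the script find its own rules again.
$Group = 'OpenVPN-DNS-Guard'

# Always start clean, so a session that ended without running "down"
# (crash, power loss) does not leave stale or duplicate rules behind.
Get-NetFirewallRule -Group $Group -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

if ($Action -eq 'up') {
    # Every adapter except the tunnel is a possible leak path, including
    # ones that are disconnected now but may come up during the session.
    $others = Get-NetAdapter | Where-Object { $_.Name -ne $VpnAlias }

    foreach ($nic in $others) {
        foreach ($proto in 'UDP', 'TCP') {
            # Caveat: this also blocks a VPN server that itself listens on port 53.
            New-NetFirewallRule -DisplayName "Block DNS $proto on $($nic.Name)" `
                -Group $Group -Direction Outbound -Action Block `
                -Protocol $proto -RemotePort 53 `
                -InterfaceAlias $nic.Name | Out-Null
        }
    }
}

# "down" needs nothing further: the cleanup above already removed the rules,
# and no adapter's DNS settings were ever modified, so nothing has to be restored.
```

Because the rules only filter outbound port 53 and never touch the adapters' DNS configuration, running the script with "down" by hand is enough to recover if the --down hook did not fire.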