Some careful experimenting this morning with my NetGear C6300v2
cable-modem/router showed that I could effectively plug the IPV6 DNS
lookup loophole, by putting in a predetermined global unicast address
concocted from the conversion of the IPV4 address to the IPV6 address
but adding the global unicast address modifier 2000::::(converted IPV4
to IPV6)
In the clear, the eth0 hardwire connection pushes the DNS lookups via
the two IPV4 preset ExpressVPN DNS numbers, and then CiscoOpenDNS takes
them and might bounce the DNS request to another DNS IP in the same
domain. This is acceptable to me.
NetworkManager more or less was unable to overcome the firmware in the
NetGear C6300v2 box, but the changes to the IPV6 settings now gives me
an ad-hoc solution
The VPN connections are working as they are supposed to, with encrypted
unlogged DNS queries.
P.S. I did find an interesting discussion by Cloudflare CEO stating how
she wants digital citizenship to be forced upon everyone, and I found it
fascinating that my Mozilla Firefox browser was pushing DNS lookups via
Cloudflare. (no longer, however)
