It seems like this is never really talked about and people aren't that concerned about it. I'm under the assumption that it isn't and I use DNScrypt for this very reason. I know that DNS leaks from a Tor client can identify them and make Tor useless, I personally make sure that nothing is getting around the socks proxy when I use Tor. What I really want to know is what's the best way to protect your DNS traffic?
It depends. The best way to check would be to run wireshark and see if you can see the dns requests.
If you're running the vpn client on a device then your dns traffic should be sent over the vpn, with the exception of the dns request to find the IP of the vpn server. Once you are connected all traffic should go over the vpn.
If you're running it on a router then it may be different. I can't speak for dd-wrt or any of those but on pfsense the dns traffic from pfsense is not encrypted. You can change which gateway it uses and therefore tell it to use the vpn for dns requests, but if you do that you will have to connect to the IP of the vpn sever as it won't be able to do a dns lookup until it's connected.
You can get around that by not having the router set as your dns server on your devices and instead using Google or opendns or whatever, this way dns requests will go to those servers directly over the vpn rather than going to the router and then going to your router's dns servers.