(Override local DNS) dns leak

I have Override local DNS but for some reason is dnsleaktest is showing the local computer dns instead of the one I set through tailscale.

I find the same, and this fits with the experience when using Tailscale - DNS is run through both the Tailscale defined and local DNS servers, but apparently not all the time. It’s not a problem for me with public hosts, but sometimes on internal machines with public DNS entries it causes an issue.

What I’m really looking for is a filtered DNS for tailscale - if the host is directly connected to tailscale then only that address is returned, otherwise only the LAN address (for hosts on my private net) or public address for public hosts. For LAN hosts, I’m finding it seems to flick between TS address and LAN address and can mess things up.
Ideally, this would be an option for MagicDNS, but for the moment I’m thinking of trying to set up my Tailscale relay hosts to do the job - I’m sure the right DNS package and config and it’s possible.

It is only happens on windows, and not on mac os for me at least.