As the primary subject in the article referenced by the OP was about DNS and not VPN's, maybe for starters we should be discussing using DNS services that operate over either/both TLS or https.
We already know that encrypting our DNS lookups effectively neuters the ISP's from using their own DNS servers as a means of censorship.
Meanwhile, when we use a VPN then typically the DNS lookups are ceded to that specified by the DNS server and not done locally at the client end of things. Unless you have control over the VPN server then you do not have control over where the DNS lookups are made or delegated to. If when connected to a VPN server a DNS lookup is done locally (either deliberately or by accident or by poor config' etc etc), then you get what they call a "DNS Leak" which in turn is just the sort of thing that censors (typically ISP's) are looking for as a way of inflicting their big-brother views upon us or using that for the purposes of geo-rationing or whatever their agenda happens to be.
At the end of the day, there is no substitute for rolling your own and using verifiable end-to-end encryption for everything in order to keep the nosey b@$t@rd$ out of one's business.