@freak4915
To avoid DNS leaks when using the VPN you have to route the DNS traffic over the VPN. There are two possibilities to to that:
Either forward the DNS requests of the respective devices you route over the VPN to a public DNS server, which you route over the VPN as well, or use the DNS resolver on pfSense and direct its whole DNS requests over the VPN.
However, the firest one will not work with DoT and none of them works with DoH.
For the first method, simply add a port forwarding for DNS traffic to a public server and add a policy routing rule to direct DNS requests to the destination server over the VPN.
For the second, restrict the DNS Resolvers outbound interfaces to the VPN gateway group and care that all your devices use pfSense for DNS.