Is it true that the provider replaces DNS requests in my case?

F

fdroid2019-02-24 19:24:33

Domain Name System

fdroid, 2019-02-24 19:24:33

I go to sites blocked by the RKN using a VPN - a common situation.
As it was before:
VPN is disabled, I go to the rutracker, I get a provider stub that hangs on some IP. I turn on the VPN, I go to the rutracker.
As it has become now:
VPN is disabled or enabled - it doesn’t matter (!), I go to the rutracker, the browser swears that the certificate is self-signed (it’s on the rutracker!), Offers to add it to the exceptions. Ok, I add and... The provider's stub hangs on the domain name of the rutracker! - "Forbidden blah blah blah."
I use DNS 8.8.8.8, I check myself for all kinds of DNS Leak Test, and I understand that I don’t use 8.8.8.8, which means that the provider replaces them.
I use DNSCrypt, turn on the VPN, go to a normal root tracker with a normal SSL certificate, and not the pseudo-root tracker that the provider is trying to slip.
In connection with what questions. Are my assumptions correct? Is it even legal to spoof DNS queries?