How to block DNS request from browser?

Hi.When I block a program like Firefox to access internet still the DNS request can be found in packets (In Wireshark).How to block completely to prevent sending DNS request for a program?

Applications will usually use the built in DNS client of windows that is hosted in one of the many instances of svchost.exe, so you will need to create a HIPS rule and select block for the DNS/RPC Client Service access right for the application. Then you would need to create a block outgoing UDP destination port 53 firewall application rule.

The problem is I’ve made a Killswitch rule for program to connect only through VPN.If I make the HIPS rule to block DNS,It can’t connect through VPN.I need a way to block DNS requests by program itself or by Svchost,outside the VPN network.