Just FYI, the thing you are looking for is the holy grail that everyone here is looking for, me included. And so far as I've been reading this forum zealously in the last 2 months, the consensus is that there is no solution like we want. I could be wrong, and I don't want to dissuade you. If there is a solution we are all VERY interested. I haven't read a solution here yet. The problem is the limitation of Android allowing only one VPN layer and not having hosts file access natively.
In your case, as you have mentioned a few times, it's important for you to use the VPN slot for your actual VPN, understandably. In this case then your only options are:
- to get a VPN service that gives you adblocking and allows you a custom DNS as well (I don't know any, might exist)
- use NextDNS (or similar service) in conjunction with your VPN
- root the device and gain hosts access
I can't think of much else for you.
FYI NextDNS allows up to 300,000 queries per month for free. Paid service is only for more queries. Whether that's enough for you or not I can't say. I also don't know if it will even work with a VPN, but might.
Lastly, remember that general DNS domain blocking might be OK for apps, but for browsing and preventing tracking it's not too great. Blocking a domain that way blocks it everywhere, which can cause problems, as well as the fact that you can't block some important trackers that way, for example Google ones. Another example is I may not want an app to talk to a domain, but I want the other app not to do so. Domain-based systemwide blocking is problematic here.
You can certainly implement DNS blocking AND run uMatrix in your browser on top of it. Also, uMatrix is superior to uBlock Origin if you want fine-tuned control, but it's more cumbersome on first visit to sites.
That's all I have to help you.