update-resolv-conf/resolvconf dns leaks from ISP

Bug #1248834 reported by LaunchPadGirl
This bug affects 1 person
Affects               Status        Importance  Assigned to  Milestone
Linux Mint            New           Undecided   Unassigned
openresolv (Ubuntu)   Fix Released  Undecided   Unassigned

Bug Description

I'm running Mint 15 Cinnamon, and after using update-resolv-conf with OpenVPN from the command line and testing the DNS, I noticed that the DNS servers from the ISP are still being queried and leaking through.

This is an example of my openvpn.conf:

------------------------------------------

client
dev tun
proto udp
route-delay 10
comp-lzo no
tls-auth ta.key 1
sndbuf 131072
rcvbuf 131072

script-security 2

cipher AES-128-CBC
tls-cipher DHE-RSA-AES128-SHA

# Server List
remote 12.2.64.14 443
#remote 11.4.21.40 443

remote-random

resolv-retry 10
nobind

persist-key
#persist-tun
keepalive 3 10

ns-cert-type server

# Set log file verbosity & log path
#log /var/log/openvpn
verb 1

# Silence repeating messages
mute 20

# Apply the DNS settings pushed by the server (via resolvconf on up, undone on down)
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

#User Info
ca /etc/openvpn/certs/ca.crt
cert /etc/openvpn/certs/my.crt
key /etc/openvpn/keys/my.key
tls-auth /etc/openvpn/keys/ta.key 1

------------------------------------------

Inside /etc/resolv.conf, as an example, it still shows the line below, which pulls in my DNS:
search mydomain.com

Therefore, because of the above line that appears in resolv.conf, your ISP's DNS servers are leaking through and still being used.

Considering OpenVPN, I thought the point of update-resolv-conf was to push the DNS servers from the VPN server to the client so that you only use those servers and prevent the ISP's DNS from being used. After all, this should be the reason you use this script, but it does not work.

The only way I can see this working properly is if the line in /etc/resolv.conf is commented out or removed:

#search mydomain.com

One of the best places I've found online to test this is the 'GRC DNS Nameserver Spoofability Test':

https://www.grc.com/dns/dns.htm

When you run the GRC test you will see that it does query and find your ISP's DNS servers.

LaunchPadGirl (9efb3d92)
description: updated
LaunchPadGirl (9efb3d92)
summary: - update-resolv-conf causes dns leaks from ISP
+ update-resolv-conf/resolvconf dns leaks from ISP
Thomas Hood (jdthood)
affects: resolvconf (Ubuntu) → openresolv (Ubuntu)
Herbert Parentes Fortes Neto (hpfn) wrote :

Hi,

I talked to the upstream and this bug was fixed in version 3.7.0, which is in Debian testing right now.

I did the upload.

regards,
Herbert

Herbert Parentes Fortes Neto (hpfn) wrote :

complementing...

"
This was already filed as an openresolv ticket
http://roy.marples.name/projects/openresolv/info/e1e607804506613f
Fixed in openresolv-3.7.0 (the new -x flag) which you've already
packaged I believe.
"
(upstream)

Changed in openresolv (Ubuntu):
status: New → Fix Released
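The following is an added example for this thread, not the update-resolv-conf script shipped with OpenVPN and not openresolv code. It emulates in portable sh the three things the report and the fix turn on: how an OpenVPN "up" script turns the server-pushed foreign_option_N variables into resolv.conf lines, what /etc/resolv.conf looks like when the ISP resolvers learned over DHCP on eth0 are merged with the VPN's versus when only the VPN's are used (the effect that marking the interface exclusive with the -x flag named above is meant to have), and the check the reporter did by hand: is an ISP resolver still listed? The interface names, addresses, search domain and merge order are constructed for the demo and are assumptions, not values taken from openresolv.

```shell
#!/bin/sh
# Added example for this bug thread. NOT the update-resolv-conf script that
# ships with OpenVPN and NOT openresolv code; a portable-sh emulation of:
#   1. what update-resolv-conf has to do: turn the foreign_option_N variables
#      OpenVPN exports to its "up" script into resolv.conf lines;
#   2. how /etc/resolv.conf ends up when the ISP resolvers eth0 got from DHCP
#      are merged with the VPN's, versus when only the VPN's are used (the
#      effect that marking the tun interface exclusive with -x aims at);
#   3. the check the reporter did by hand: is an ISP resolver still listed?
# Interface names, addresses, the search domain and the merge order below are
# constructed for the demo (assumptions), not taken from openresolv.

# 1. Render resolv.conf lines from foreign_option_1..N in the environment.
#    OpenVPN sets these from the server's "push dhcp-option ..." lines, e.g.
#    foreign_option_1="dhcp-option DNS 10.8.0.1".
render_pushed_dns() {
    i=1 servers="" domains=""
    while :; do
        eval "opt=\${foreign_option_$i:-}"
        [ -n "$opt" ] || break
        set -- $opt                            # word-split: dhcp-option KEY VALUE
        if [ "$1" = dhcp-option ]; then
            case "$2" in
                DNS)                  servers="$servers $3" ;;
                DOMAIN|DOMAIN-SEARCH) domains="$domains $3" ;;
            esac
        fi
        i=$((i + 1))
    done
    [ -n "$domains" ] && printf 'search%s\n' "$domains"
    for s in $servers; do printf 'nameserver %s\n' "$s"; done
    return 0
}

# 2. Compose the final resolv.conf from per-interface fragments.
#    "merge": every interface's data is concatenated (assumed order: VPN first,
#    then the ISP's DHCP data), so the ISP resolvers remain in the file.
#    "exclusive": only the VPN fragment is used, which is what -x is for.
#    $1 = mode, $2 = eth0 (ISP) fragment, $3 = tun0 (VPN) fragment.
compose_resolv_conf() {
    mode=$1 eth0=$2 tun0=$3
    case "$mode" in
        exclusive) printf '%s\n' "$tun0" ;;
        merge)     printf '%s\n%s\n' "$tun0" "$eth0" ;;
        *)         echo "compose_resolv_conf: unknown mode '$mode'" >&2; return 2 ;;
    esac
}

# 3. Leak check: read a resolv.conf on stdin, return 1 if any nameserver line
#    names one of the ISP resolvers given as arguments, 0 otherwise.
#    Only "nameserver" lines decide which server is asked; "search" lines just
#    supply suffixes for short names, so they are ignored here.
check_no_isp_nameserver() {
    rc=0
    while read -r key val rest; do
        [ "$key" = nameserver ] || continue
        for isp in "$@"; do
            if [ "$val" = "$isp" ]; then
                echo "leak: ISP resolver $val is still in resolv.conf" >&2
                rc=1
            fi
        done
    done
    return $rc
}

# Demo with constructed data: a VPN pushing one resolver and a search domain,
# and one ISP resolver learned over DHCP on eth0.
demo() {
    foreign_option_1="dhcp-option DNS 10.8.0.1"
    foreign_option_2="dhcp-option DOMAIN vpn.example"
    vpn=$(render_pushed_dns)
    isp="search mydomain.com
nameserver 192.0.2.53"
    for m in merge exclusive; do
        echo "--- $m ---"
        compose_resolv_conf "$m" "$isp" "$vpn"
        if compose_resolv_conf "$m" "$isp" "$vpn" | check_no_isp_nameserver 192.0.2.53; then
            echo "$m: no ISP resolver listed"
        else
            echo "$m: LEAK"
        fi
    done
}
demo
```

In the real script the rendered text is handed to `resolvconf -a` for the tun device's record on up and removed with `resolvconf -d` on down; step 2 here only stands in for how resolvconf then assembles /etc/resolv.conf, and whether the ISP entries survive that assembly is exactly what the exclusive flag changes.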