About custom dns+vpn

With the same caveat as the other person (I am not an expert) I think you may be misunderstanding some things:

Currently I am using custom DNS over TLS with a VPN.

For what reason are you doing this? There are decent reasons you might optionally choose to do this, but you should be clear on specifically why, what problem you are trying to solve. Using DoT in combination with a VPN is not necessary, does not improve privacy or security in most respects (compared to using the VPN provider's DNS servers), and does add complexity, so if you are going to do so, you should have a clear reason to.

But since DoT requests are outside the tunnel, I think that the ISP can see the IP addresses of the sites I visit, so it defeats the purpose of using a VPN.

Am I right?

I don’t believe so.

First off, I don't believe it is true that your DoT requests are outside the VPN tunnel unless you have specifically set it up that way. But "the tunnel" only exists between you and the VPN provider; all traffic (whether HTTP or DNS) is outside the tunnel once it leaves the VPN's exit nodes. If you are using a VPN, I believe all traffic regardless of protocol is encrypted between your device or network and the VPN, and all traffic is outside that tunnel for the second half of its journey (VPN provider to remote server, which could be a web or DNS server).

But regardless of whether your DNS traffic is passing through the VPN tunnel or not, the ISP should not be able to see the contents of that traffic (because you are using DoT, which is encrypted). So if your ISP can see your DNS traffic, they can see the IP address of your DNS provider, but they can't see the IP addresses of the sites you visit just from observing your DNS traffic (because that traffic is encrypted regardless of whether you use a VPN or not).