Be sure to push your DNS through the OpenSSH tunnel too, or they'll see your client's DNS requests. Here is a very short write-up on safe web browsing while on untrusted networks: http://16systems.com/OpenBSD/untrusted.pdf

Instead of an OpenSSH tunnel, use OpenVPN. It has settings to automatically push DNS, and on my Mac for example using Tunnelblick (a wrapper) I can have a GUI that can give me status updates on my tunnels, and when they get disconnected, to make sure I don't accidentally sent information down the wrong line.

For proxied services, the proxy (e.g., squid) server on the other end of the ssh tunnel will be making the DNS requests.

If you want to be fastidious enough to hide the DNS for un-proxied services, you'll probably also want to have a firewall blocking and logging most outgoing non-tunneled services so you can identify them and configure the clients and proxy appropriately.