Acording to what you said, I reproduced it. Then,I use command "tcpdump -i wgclient port 53 -XXnn" to capture dns packets. I noticed that the DNS response did not appear. So, I tried to change the DNS server address of wireguard client. I got response packet. And, the subnet client (use VPN) will parse the domain correctly (via the wgclient interface).