Mixed information on Wireguard and Remote DNS

Internet and forum searches are giving mixed information on a persistent and stable setup of the router that directs WireGuard "client" DNS queries to the assigned WireGuard DNS via the VPN.

Can tech support verify that when WireGuard is enabled, the configured WireGuard DNS is used?

I am looking at 3x AXT1800s or MT3000s and would like to avoid returning them if this feature is not functional. I just returned a competitor's product for not doing the same.

Looking forward to advice.
Ashley

If there is a DNS server declared inside the VPN config, that DNS will be used as long as you don't overwrite this setting, as explained here: DNS - GL.iNet Router Docs

But keep in mind that this does not mean all your devices will use this DNS - it still depends on each endpoint and whether it is using plain DNS (which can be intercepted) or DoH/DoT, which mostly can't. But the request will still flow through the VPN.

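A file-level check for the question asked in the first post, added here as an example and not GL.iNet's or the router firmware's code: it reads the `DNS =` line from a WireGuard client config and compares it with the nameservers in a resolv.conf-style file, reporting any resolver that is not one the VPN declared. The config contents and file paths below are constructed for the demo; on a real router you would point the functions at the live resolver file (for example `/etc/resolv.conf`, an assumption) and the WireGuard config the router actually loaded.

```shell
#!/bin/sh
# Added example, not GL.iNet code. Checks whether the resolvers in use are
# exactly those declared by a WireGuard client config.

# Print the servers from the [Interface] "DNS = a, b" line, one per line.
wg_dns_from_conf() {
    sed -e 's/#.*//' "$1" | awk -F'=' 'tolower($1) ~ /^[ \t]*dns[ \t]*$/ {
        n = split($2, a, "[ ,\t]+")
        for (i = 1; i <= n; i++) if (a[i] != "") print a[i]
    }'
}

# Print the nameservers from a resolv.conf-style file, one per line.
resolvers_from_resolvconf() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Return 0 when at least one resolver is configured and every resolver in use
# was declared by the VPN config; otherwise print the stray server and return 1.
vpn_dns_is_pinned() {
    conf="$1"; resolv="$2"
    wanted=$(wg_dns_from_conf "$conf")
    [ -n "$wanted" ] || { echo "no DNS line in $conf"; return 1; }
    count=0
    for r in $(resolvers_from_resolvconf "$resolv"); do
        count=$((count + 1))
        if ! printf '%s\n' "$wanted" | grep -qx -- "$r"; then
            echo "resolver $r is not a VPN DNS server"
            return 1
        fi
    done
    [ "$count" -gt 0 ]
}

# Demo on constructed files: a VPN config declaring two resolvers, one resolver
# list that matches it and one that still points at the router's LAN address.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/wg0.conf" <<'EOF'
[Interface]
PrivateKey = <placeholder-private-key>
Address = 10.64.0.2/32
DNS = 10.64.0.1, 10.64.0.2

[Peer]
PublicKey = <placeholder-public-key>
AllowedIPs = 0.0.0.0/0
Endpoint = vpn.example.invalid:51820
EOF
    printf 'nameserver 10.64.0.1\n' > "$dir/resolv_vpn.conf"
    printf 'nameserver 10.64.0.1\nnameserver 192.168.8.1\n' > "$dir/resolv_mixed.conf"
    for f in resolv_vpn.conf resolv_mixed.conf; do
        if vpn_dns_is_pinned "$dir/wg0.conf" "$dir/$f"; then
            echo "$f: DNS pinned to the VPN resolvers"
        else
            echo "$f: DNS NOT pinned to the VPN resolvers"
        fi
    done
    rm -rf "$dir"
}
demo
```

The check only tells you what the router's own resolver is configured to use; whether a given client's queries actually reach it is the separate question the following replies address.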

And that the application isn't doing the lookup directly to 8.8.8.8 (or similar) itself.

It would be intercepted by the router if it's plain DNS (UDP 53), but yeah, true.

Also be aware that Chromium browsers in particular can confuse your results.

They now use settings like Secure DNS; please verify this is disabled :slight_smile:

On Android devices they even go a step further: hijacking won't be easy, since secure DNS is automatically on and cannot be disabled, and it can bypass the DNS of the router very easily.

It only works by blocking both DoH and DoT; DoH can only be blocked with a block list, and DoT by destination port 853.

For some reason clients figure out the DNS via a hard-coded list and then still prefer DoH or fall back to DoT.

I ended up with a combination of ip rule blackholing and a blocklist; it only falls back to 53 after these blocks if you cannot manually disable Secure DNS.
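The router-side policy the previous replies describe, written out as an added example that is not part of the thread and not GL.iNet firmware code: it emits an nftables ruleset that redirects LAN clients' plain DNS (UDP/TCP 53) to the router's own resolver (which then forwards over the VPN), rejects DNS-over-TLS on TCP 853 so clients fall back to plain DNS, and rejects HTTPS to a list of DoH resolver addresses you supply as the blocklist. The interface name `br-lan`, the router address `192.168.8.1`, the table name and the 203.0.113.x addresses are constructed assumptions for the demo; the ruleset is kept in its own table so it does not collide with the firewall's own rules.

```shell
#!/bin/sh
# Added example, not GL.iNet code. Generates an nftables ruleset that pins LAN
# clients to the router's resolver and blocks DoT/DoH bypasses.
# Usage: gen_dns_policy <lan-ifname> <router-lan-ip> [doh-resolver-ip ...]

gen_dns_policy() {
    lan_if="$1"; router_ip="$2"; shift 2   # remaining args: DoH blocklist
    printf 'table inet dns_policy {\n'
    if [ $# -gt 0 ]; then
        # Named set holding the DoH resolver addresses from the blocklist.
        doh_set=""
        for ip in "$@"; do doh_set="${doh_set:+$doh_set, }$ip"; done
        printf '    set doh_resolvers {\n        type ipv4_addr\n        elements = { %s }\n    }\n' "$doh_set"
    fi
    # Plain DNS from the LAN, whoever it was addressed to, lands on the router.
    printf '    chain prerouting {\n'
    printf '        type nat hook prerouting priority dstnat; policy accept;\n'
    printf '        iifname "%s" udp dport 53 dnat ip to %s\n' "$lan_if" "$router_ip"
    printf '        iifname "%s" tcp dport 53 dnat ip to %s\n' "$lan_if" "$router_ip"
    printf '    }\n'
    # Forwarded traffic: DoT is identified by port 853; DoH only by destination.
    # A TCP reset makes clients fall back at once instead of waiting on a drop.
    printf '    chain forward {\n'
    printf '        type filter hook forward priority filter; policy accept;\n'
    printf '        iifname "%s" tcp dport 853 reject with tcp reset\n' "$lan_if"
    if [ $# -gt 0 ]; then
        printf '        iifname "%s" ip daddr @doh_resolvers tcp dport 443 reject with tcp reset\n' "$lan_if"
    fi
    printf '    }\n}\n'
}

# Demo with constructed values; write the output to a file and load it with
# `nft -f <file>` on the router after reviewing it.
gen_dns_policy br-lan 192.168.8.1 203.0.113.10 203.0.113.11
```

Two caveats follow from the thread itself: the DoH rule is only as complete as the address list you feed it, and a client whose Secure DNS cannot be switched off will only come back to port 53 once both DoT and its DoH resolvers are unreachable.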

The DNS server set by DHCP on a competitor's product was the IP of the travel router, rather than that of the client side of the router. The DNS specified by the VPN was not used. Even though traffic was coming from a client "enabled" on the VPN, and should have been tunneled, DNS traffic was captured and responded to locally by the router.