Private DNS + WireGuard VPN

Hello! I am configuring a setup that allows me to preserve my privacy inside and outside my home, also because I live in a student house that likes to mind student business a lot.

In order to do this I did:
  • VPS: AdGuard container server (for private DNS)
  • VPS: WireGuard container server (VPN)

Now, the WireGuard container has the AdGuard container as its resolver; this way I have my chosen upstream DNS servers, tracking blocking, etc.

The issue is that I put the WireGuard peer configuration on the GL.iNet router. What I care about most is that DNS queries are encrypted, even more than the filtering.
I cannot work out in any way whether the GL.iNet router ALSO includes the DNS queries in the tunnel, because:

  • if I try to run PCAPdroid on my phone, I will see the queries are plain (port 53), since we are in the LAN and the VPN is held by the router
  • if I check AdGuard on my VPS, the queries (in the query log) are “Type: A, Plain DNS”, because they are indeed plain DNS. The question is: “are they encrypted in the WireGuard tunnel?”

So I do not understand. I did all of this also because GL.iNet does not allow setting a custom DNS; this way I managed to have my own DNS server, but for me it is REALLY important that the queries are encrypted… I tried to search, but the tunneling of DNS queries depends on the OS (as I understood)… Now this little concept is really over my head, and it is too important for me: I must understand how it works, because for me there is no way to snoop the outgoing traffic FROM the router (maybe I should put another computer as a gateway after the router, but I don't really know how to do that) and check whether WireGuard is encrypting DNS queries.

Does anyone know how the GL.iNet firmware handles this? Thank you all so much.

I know I’m ‘necroposting’ but whatever.

GL GUI → VPN → VPN Dashboard → Global Options → Block Non-VPN Traffic. Done. All traffic, all ports hitting the router are shunted thru the WG tunnel. Confirm via IP Leak.

Slate AX, firmware 4.4.6-release1.

Perhaps not by default for your specific goals… but it can. I don’t think it matters too much now given your VPS/WG/DNS stack.