Wireguard external IP routing to AXT1800 internal IP

Thanks for the suggestion, I tried adding the AXT1800 range to the WG server AllowedIPs and restarted the WG service but unfortunately the issue remains and the symptoms are the same (IP access works, domain access doesn’t work). For reference, here are my configs after the update:

WG server (click to show)
[Interface]
PrivateKey=redacted
Address=10.253.0.1
ListenPort=51820
PostUp=logger -t wireguard 'Tunnel WireGuard-wg0 started'
PostUp=iptables -t nat -A POSTROUTING -s 10.253.0.0/24 -o br0 -j MASQUERADE
PostDown=logger -t wireguard 'Tunnel WireGuard-wg0 stopped'
PostDown=iptables -t nat -D POSTROUTING -s 10.253.0.0/24 -o br0 -j MASQUERADE

[Peer]
PublicKey=redacted
PresharedKey=redacted
AllowedIPs=10.253.0.2,192.168.8.0/24

WG client (click to show)
[Interface]
Address = 10.253.0.2/32
ListenPort = 6321
PrivateKey = redacted
DNS = 192.168.1.1

[Peer]
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = wg.domain.com:51820
PersistentKeepalive = 25
PublicKey = redacted
PresharedKey = redacted