How to configure DNS in WG?

Started by hushcoden, October 24, 2024, 01:00:37 PM

Still a lot to learn, so please educate me: by reading the official document WireGuard Selective Routing to External VPN Endpoint it seems there is no need to create a firewall rule for the DNS, and the only mention is at the very end of the document but just relating to DNS leaks (so I read it as optional):

1) why is there no need for a firewall DNS rule?

2) as for the very last paragraph/note, I was expecting also the need to specify the destination port range i.e. DNS/DNS, but why is it not the case?

On a separate note, in the instance WG configuration there is a DNS servers setting, but it's not mentioned in any documentation, so what is that for?

I think you should define if you are using the DNS provided by the VPN provider or an external one, through local DNS or Unbound DNS or other

Quote from: FredFresh on October 24, 2024, 08:14:05 PM
I think you should define if you are using the DNS provided by the VPN provider or an external one, through local DNS or Unbound DNS or other
I want to use the DNS provided by the VPN provider

If you want to use it, I think you have to add the DNS IP provided by the DNS provider to the WireGuard/Instances mask.

If you look at the Proton VPN guide here, it is mentioned:
https://docs.opnsense.org/manual/how-tos/wireguard-client-proton.html

There are guides more specific also for other VPN providers.

October 28, 2024, 09:35:58 PM #4 Last Edit: October 29, 2024, 10:47:16 AM by hushcoden
Quote from: FredFresh on October 26, 2024, 06:40:57 PM
If you want to use it, I think you have to add the DNS IP provided by the DNS provider to the WireGuard/Instances mask.
For me, with or without the Proton DNS server IP address 10.2.0.1 nothing really changes: as long as I keep the port forward rule (see screenshot), then DNS seems to work properly, and still I don't understand the purpose of the DNS servers setting in the WG instance configuration...