If it concerned me, I would simply route the IP of the DNS I'm using in question over WG.
E.g.
- assign 1.1.1.1 to clients
- route 1.1.1.1/32 over the tunnel
(I do this for wcfg and a WG-based WARP tunnel to send DNS to Cloudflare.)
Be sure WG can resolve the peer endpoint address, or use the IP.
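
The two points in the post above, written as a config check. This is an added example, not part of the original post: it reads a wg-quick style config and reports whether the DNS IP falls inside a peer's AllowedIPs and whether the Endpoint is a hostname rather than an IP. The sample config, its addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample config (wg-quick style); keys and addresses are placeholders.
SAMPLE_CONF = """\
[Interface]
PrivateKey = <placeholder>
Address = 10.0.0.2/32

[Peer]
PublicKey = <placeholder>
AllowedIPs = 1.1.1.1/32
Endpoint = vpn.example.net:51820
"""

def parse_peers(conf_text):
    """Return one dict per [Peer] section, with lower-cased keys."""
    peers, current = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if line.startswith("["):
            current = {} if line.lower() == "[peer]" else None
            if current is not None:
                peers.append(current)
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)  # base64 keys may end in '='
            current[key.strip().lower()] = value.strip()
    return peers

def check_dns_over_tunnel(conf_text, dns_ip):
    """Return a list of findings for sending dns_ip through the tunnel."""
    dns = ipaddress.ip_address(dns_ip)
    findings, covered = [], False
    for peer in parse_peers(conf_text):
        for net in peer.get("allowedips", "").split(","):
            if net.strip() and dns in ipaddress.ip_network(net.strip(), strict=False):
                covered = True
        host = peer.get("endpoint", "").rsplit(":", 1)[0].strip("[]")
        if host:
            try:
                ipaddress.ip_address(host)  # IP literal: no lookup needed
            except ValueError:
                findings.append(f"endpoint '{host}' is a hostname; it must resolve before the tunnel is up")
    if not covered:
        findings.append(f"{dns_ip} is not inside any peer's AllowedIPs")
    return findings
```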