And to further reinforce this point, one of the basic config variables for WireGuard is your DNS servers. You could literally send no traffic but your DNS queries to the wg tunnel.
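Added example, not part of the original comment: a check that reads a wg-quick style config and reports, for each resolver on the `DNS =` line, whether a peer's `AllowedIPs` covers it, which is what decides whether the queries travel inside the tunnel. The sample config, its addresses and the function names are constructed for illustration, and the check assumes wg-quick's default behaviour of routing every `AllowedIPs` range through the interface.

```python
import ipaddress

# Constructed sample: a DNS-only tunnel where one resolver is NOT covered by AllowedIPs.
SAMPLE_CONF = """
[Interface]
PrivateKey = <placeholder>
Address = 10.8.0.2/32
DNS = 10.8.0.1, 192.0.2.53, corp.example

[Peer]
PublicKey = <placeholder>
Endpoint = vpn.example:51820
AllowedIPs = 10.8.0.1/32
"""

def parse_conf(text):
    """Return (dns_servers, allowed_networks) from a wg-quick style config."""
    dns, allowed, section = [], [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        items = [v.strip() for v in value.split(",") if v.strip()]
        if section == "interface" and key == "dns":
            for item in items:
                try:
                    dns.append(ipaddress.ip_address(item))
                except ValueError:
                    pass  # non-IP entries are search domains, not resolvers
        elif section == "peer" and key == "allowedips":
            allowed += [ipaddress.ip_network(i, strict=False) for i in items]
    return dns, allowed

def dns_routing(text):
    """Map each DNS server to True if some peer's AllowedIPs covers it."""
    dns, allowed = parse_conf(text)
    return {str(ip): any(ip.version == net.version and ip in net for net in allowed)
            for ip in dns}

if __name__ == "__main__":
    for server, tunneled in dns_routing(SAMPLE_CONF).items():
        print(server, "via tunnel" if tunneled else "OUTSIDE tunnel")
```

A resolver reported as outside the tunnel is reached over the normal default route, so queries sent to it are visible on the local network.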