Whitelist VPN server's domain name when using 'Block Non-VPN Traffic'?

What is the default DNS setting for the WireGuard client - through the home server or Cloudflare?

If the travel router hits Cloudflare first, that wouldn't be an issue for exposing location, right? Since it would just use Cloudflare to figure out the pathing, but when you try to connect it will be through the home server (I think?). Or will the DNS server used to resolve location be exposed as part of the flow?

For a WG client profile, you can simply use 1.1.1.1 if you do not have any custom DNS on your local LAN.

If you do have custom host entries on your home router, then include the internal WireGuard IP of your home server (10.0.0.1 by default, but you should typically change that as it’s prone to IP conflicts).
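
An added example, not part of the original posts: a small Python check over a wg-quick style client profile that reports which `DNS` servers fall inside the peer's `AllowedIPs` (and so are queried through the tunnel) and whether the `Endpoint` is a hostname that has to be resolved before the tunnel is up. The profile, hostname and key placeholders are constructed, and a single `[Peer]` section is assumed.

```python
import ipaddress

# Constructed sample profile; keys, hostname and subnet are placeholders.
SAMPLE_PROFILE = """\
[Interface]
PrivateKey = <client-private-key>
Address = 10.0.0.2/24
DNS = 1.1.1.1, 10.0.0.1

[Peer]
PublicKey = <server-public-key>
Endpoint = home.example.net:51820
AllowedIPs = 10.0.0.0/24
"""

def parse_profile(text):
    """Return {section: {key: [values]}}; assumes one [Peer] section."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current.setdefault(key.strip().lower(), []).extend(
                v.strip() for v in value.split(",") if v.strip())
    return sections

def audit_dns(text):
    """Classify DNS servers by whether AllowedIPs routes them via the tunnel."""
    cfg = parse_profile(text)
    peer = cfg.get("peer", {})
    nets = [ipaddress.ip_network(n, strict=False) for n in peer.get("allowedips", [])]
    report = {"in_tunnel": [], "outside_tunnel": [], "endpoint_needs_dns": False}
    for server in cfg.get("interface", {}).get("dns", []):
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            continue  # non-IP entries in DNS= are search domains
        inside = any(addr.version == n.version and addr in n for n in nets)
        report["in_tunnel" if inside else "outside_tunnel"].append(server)
    host = peer.get("endpoint", [""])[0].rsplit(":", 1)[0].strip("[]")
    try:
        ipaddress.ip_address(host)
    except ValueError:
        report["endpoint_needs_dns"] = bool(host)  # hostname: resolved outside the tunnel
    return report
```

With the split-tunnel sample above, `audit_dns(SAMPLE_PROFILE)` lists `1.1.1.1` under `outside_tunnel` and `10.0.0.1` under `in_tunnel`; changing `AllowedIPs` to a full-tunnel value moves both under `in_tunnel`.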