diff --git a/roles/common/tasks/ubuntu.yml b/roles/common/tasks/ubuntu.yml
index e5d9165..e1d9714 100644
--- a/roles/common/tasks/ubuntu.yml
+++ b/roles/common/tasks/ubuntu.yml
@@ -89,7 +89,6 @@
       - iptables-persistent
       - cgroup-tools
       - openssl
-      - resolvconf
     sysctl:
       - item: net.ipv4.ip_forward
         value: 1
diff --git a/roles/dns_encryption/handlers/main.yml b/roles/dns_encryption/handlers/main.yml
index c46912b..7947ef1 100644
--- a/roles/dns_encryption/handlers/main.yml
+++ b/roles/dns_encryption/handlers/main.yml
@@ -4,6 +4,7 @@
     daemon_reload: true
 
 - name: restart dnscrypt-proxy
-  service:
+  systemd:
     name: dnscrypt-proxy
     state: restarted
+    daemon_reload: true
diff --git a/roles/dns_encryption/tasks/ubuntu.yml b/roles/dns_encryption/tasks/ubuntu.yml
index 9290cf4..0f1cffc 100644
--- a/roles/dns_encryption/tasks/ubuntu.yml
+++ b/roles/dns_encryption/tasks/ubuntu.yml
@@ -42,5 +42,4 @@
       [Service]
       AmbientCapabilities=CAP_NET_BIND_SERVICE
   notify:
-   - daemon-reload
    - restart dnscrypt-proxy
diff --git a/roles/wireguard/defaults/main.yml b/roles/wireguard/defaults/main.yml
index d94f3ff..0559c50 100644
--- a/roles/wireguard/defaults/main.yml
+++ b/roles/wireguard/defaults/main.yml
@@ -16,3 +16,9 @@ wireguard_network_ipv6:
 wireguard_vpn_network: "{{ wireguard_network_ipv4['subnet'] }}/{{ wireguard_network_ipv4['prefix'] }}"
 wireguard_vpn_network_ipv6: "{{ wireguard_network_ipv6['subnet'] }}/{{ wireguard_network_ipv6['prefix'] }}"
 easyrsa_reinit_existent: false
+wireguard_dns_servers: >-
+  {% if local_dns|default(false)|bool or dns_encryption|default(false)|bool == true %}
+  {{ local_service_ip }}
+  {% else %}
+  {% for host in dns_servers.ipv4 %}{{ host }}{% if not loop.last %},{% endif %}{% endfor %}{% if ipv6_support %},{% for host in dns_servers.ipv6 %}{{ host }}{% if not loop.last %},{% endif %}{% endfor %}{% endif %}
+  {% endif %}
diff --git a/roles/wireguard/templates/client.conf.j2 b/roles/wireguard/templates/client.conf.j2
index 59e5d52..f75f0f4 100644
--- a/roles/wireguard/templates/client.conf.j2
+++ b/roles/wireguard/templates/client.conf.j2
@@ -2,7 +2,8 @@
 PrivateKey = {{ lookup('file', wireguard_config_path + '/private/' + item.1) }}
 Address = {{ wireguard_network_ipv4['clients_range'] }}.{{ wireguard_network_ipv4['clients_start'] + item.0 + 1 }}/32{% if ipv6_support %},{{ wireguard_network_ipv6['clients_range'] }}{{ wireguard_network_ipv6['clients_start'] + item.0 + 1 }}/{{ wireguard_network_ipv6['prefix'] }}
 {% endif %}
-DNS = {{ local_service_ip }}
+
+DNS = {{ wireguard_dns_servers }}
 
 [Peer]
 PublicKey = {{ lookup('file', wireguard_config_path + '/public/' + IP_subject_alt_name) }}
diff --git a/roles/wireguard/templates/server.conf.j2 b/roles/wireguard/templates/server.conf.j2
index a90e3fd..3f9f45d 100644
--- a/roles/wireguard/templates/server.conf.j2
+++ b/roles/wireguard/templates/server.conf.j2
@@ -2,7 +2,6 @@
 Address = {{ wireguard_network_ipv4['subnet'] }}/{{ wireguard_network_ipv4['prefix'] }}{% if ipv6_support %},{{ wireguard_network_ipv6['gateway'] }}/{{ wireguard_network_ipv6['prefix'] }}
 {% endif %}
 
-DNS = {{ local_service_ip }}
 ListenPort = {{ wireguard_port }}
 PrivateKey = {{ lookup('file', wireguard_config_path + '/private/' + IP_subject_alt_name) }}
 SaveConfig = true