Instead of explicitly overwriting the DNS in the DHCPServer config we
ignore the upstream DNS from DHCP on the upstream interface so
networkctl/resolvectl understands the right DNS server, and can forward
it to DHCP clients.
Without this, the rule to allow local network hosts direct access to the
sigma-public address might be shadowed by the rule to send traffic from
that address out through wireguard.
