Okay looking at your mac settings, you make it clear that you only want your mac to be able to connect to the local subnet on the MT Server Router of 192.168.88.0/24.
(if those are real public IPs on ip routes for the router, ensure you remove them from the post).
set winbox address=192.168.88.0/24 (this aint going to let you access winbox remotely… you need to put in the 10.0.20.20 address or whatever it is…
/tool mac-server mac-winbox
set allowed-interface-list=none SHOULD be set to LAN.
Okay I see your IP route…
dst-address=10.0.20.20.2 gwy=WG interface table=main.
Want I want to know is if this is necessary as you have already assigned an IP address to the wg interface, hoping someone can chime in on what the effect is of assigning an IP address to the WG interface (as I normally dont)
By the way I think your whole setup is bogus and your narrow minded need to get DNS on pihole has created a wrong approach.
You have two separate LANs and yet allow full access from one to the other. What is the point of having two separate LANS then.
THere must be a more elegant way of using pi hole and DNS then what you have attempted, sadly I am not able to help much on this front.