diff --git a/spec/defines/interface_spec.rb b/spec/defines/interface_spec.rb
index 498a4ac..3588a1d 100644
--- a/spec/defines/interface_spec.rb
+++ b/spec/defines/interface_spec.rb
@@ -366,6 +366,33 @@ class {"systemd":
 it { is_expected.to contain_file("/etc/systemd/network/#{title}.network").with_content(%r{Address=fe80::ade1/64}) }
 it { is_expected.not_to contain_ferm__rule("allow_wg_#{title}") }
 end
+
+ context 'wgquick with required params (public_key) and an address entry with dns also without firewall rules' do
+ let :params do
+ {
+ public_key: 'blabla==',
+ endpoint: 'wireguard.example.com:1234',
+ manage_firewall: false,
+ # we need to set destination_addresses to overwrite the default
+ # that would configure IPv4+IPv6, but GHA doesn't provide IPv6 for us
+ destination_addresses: [facts[:networking]['ip'],],
+ provider: 'wgquick',
+ addresses: [{ 'Address' => '192.168.218.87/32', 'DNS' => '192.168.218.1' }],
+ }
+ end
+
+ it { is_expected.to compile.with_all_deps }
+ it { is_expected.to contain_class('wireguard') }
+ it { is_expected.to contain_exec("generate private key #{title}") }
+ it { is_expected.to contain_exec("generate public key #{title}") }
+ it { is_expected.to contain_file("/etc/wireguard/#{title}.pub") }
+ it { is_expected.to contain_file("/etc/wireguard/#{title}") }
+ it { is_expected.to contain_file("/etc/wireguard/#{title}.conf") }
+ it { is_expected.to contain_file("/etc/wireguard/#{title}.conf").with_content(%r{[Interface]}) } # rubocop:disable Lint/DuplicateRegexpCharacterClassElement
+ it { is_expected.to contain_file("/etc/wireguard/#{title}.conf").with_content(%r{Address=192.168.218.87/32}) }
+ it { is_expected.to contain_file("/etc/wireguard/#{title}.conf").with_content(%r{DNS=192.168.218.1}) }
+ it { is_expected.not_to contain_ferm__rule("allow_wg_#{title}") }
+ end
 end
 end
 end
diff --git a/templates/wireguard_conf.epp b/templates/wireguard_conf.epp
index 7b721f6..b67e85b 100644
--- a/templates/wireguard_conf.epp
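Review bot: The assertion `with_content(%r{[Interface]})` does not check for the section header: the unescaped brackets make it a character class, so it passes on any file containing one of those letters, and the `rubocop:disable Lint/DuplicateRegexpCharacterClassElement` comment silences the cop that points at exactly this. Escape the brackets and drop the disable: `with_content(%r{\[Interface\]})`. As written, the spec cannot detect a missing or misplaced `[Interface]` header in the rendered wg-quick config, which is the part of the template this commit changes. The new context also asserts that the private key file `/etc/wireguard/#{title}` exists without pinning its mode or owner; if the define sets them (not visible here), adding `.with_mode(...)` would guard against a permissions regression.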
+++ b/templates/wireguard_conf.epp @@ -5,10 +5,13 @@ Array[Hash] $addresses, | -%> # THIS FILE IS MANAGED BY PUPPET -[Interface] <% $addresses.each |$address| { -%> + +[Interface] +<% $address.each |$key, $value| { -%> <%= $key %>=<%= $value %> <% } -%> +<% } -%> ListenPort = <%= $dport %> PostUp = wg set %i private-key /etc/wireguard/<%= $interface %> <% $peers.each |$peer| { -%>
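Review bot: Moving `[Interface]` inside `<% $addresses.each |$address| { -%>` makes the header depend on the array: each hash in `$addresses` emits its own `[Interface]` line, and an empty array emits none, leaving `ListenPort` and `PostUp` outside any section. Keep the header once, directly above the outer loop, and nest only the new `<% $address.each |$key, $value| { -%>` … `<% } -%>` pair inside it. Separately, `<%= $key %>=<%= $value %>` writes whatever keys and values the `Array[Hash]` parameter carries, and wg-quick treats keys such as `PostUp` as commands to run as root, so whoever can influence that data (Hiera, for example) decides what runs with root privileges. Consider constraining the hash in the parameter type, e.g. an `Enum` of permitted keys and a `Pattern` that rejects newlines in values. The template continues past the end of the hunk.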