You can use Mac filter to enable only your devices to connect to the guest SSID. Mac filter is not the most security method but is better then nothing. You can also apply ACL to the SSID. Unfortunatelly, the ACL does not allow define a source, which makes it much less secure..
Regarding the DNS, as you could see, the AP does not habe DNS config option, which is uncommon on this kind of devices. They will pose as DNS server for clients and will forward clients requests to your wired network.
