That is what I ended up doing temporarily, but I think I will just make it temporarily permanent. I could likely set up another Docker container to run a DNS server connected to a DoH resolver, and use that container as the DNS server for Traefik, but that’s a lot of work.

I own 3 different domains and just today set up SSL services for them using Traefik (made another post for an issue I’m having with that).

I ended up doing a subnet router and that got me what I was looking for.

Did some more testing to get some details. The error I am getting from Traefik is that Cloudflare cannot create the record because it already exists (PiHole already has the entries). If I delete the records from PiHole, Traefik can then create the TXT records in Cloudflare.

That is almost the exact same thing I am doing. I have 2 Pi’s running PiHole in HA and I just made one of them the subnet router to allow this access. Since I will be the only one using this, I don’t care to use Funnel right now, but thanks for showing that to me. I am (obviously) new to using Tailscale, and that looks like a very neat feature.

I set that up, but the issue now is that my DNS server is replying back with the private IP, which is not accessible from tailscale.

EDIT: Figured this one out. Need to advertise the routes from one of my machines. Set that up and I am good to go now. Thanks!