From outside? Set up a Cloudflare account and point the NS from your registrar to it.
From inside? Set up unbound on a docker host and don’t open it to the internet. Use that one when you’re local and the normal public DNS when you’re outside. But everything I’m seeing in here makes me sure you shouldn’t even consider opening ports in your firewall to expose inside host services. Use a VPN when you’re roaming, and only use your DNS for local servers/hosts via that VPN. The only use for your outside domain name should be to point a single hostname to your outside IP address so you can use it for your VPN endpoint.
Use DNS challenges for Let’s Encrypt cert requests and remove host entries from your Cloudflare after you get your cert.
I’d happily pay for anything I consume if it were convenient, private, and no ads. Since I can’t get that anymore, well, it’s the high seas for me. I pay as much for high seas related services as I would for the official streamers, but the experience is 10x better.
My bad, it must have been another one that I could make multiple profiles with, you are right, I don’t see that on my Insular install currently.
FLOSS is Free Libre Open Source Software. IMO, the only software you can rely on having any control over has to be open source. Nothing else is worth investing time into, because it’ll eventually enshittify.
Try Insular, which lets you install Play Store inside an island that is essentially a bare Android system. If the apps access anything on the operating system like contacts, etc., they just get empty data (unless you populate that island’s Contacts with what you need for an application). You can make multiple islands if you need to isolate other applications from each other, or you can just install all untrusted apps inside of one island and let them feed off each other. I’ve also seen people poison the data those applications get with bullshit data in the things they are accessing inside the island and sending back.
I’ve used this very successfully with GrapheneOS, it’ll run my bank app for instance, so I don’t have to keep Play Services on my mainland profile. You can also move apps from mainland to island, or island to island inside the Insular manager.
Use Debian, make your life easier. Chances are the RHEL copies are going to get frozen out, but there will always be Debian, and it’s the most community supported server mainline anyway.