Hi.

My NAS (on Debian 12) hosts a bunch of services for myself and a few friends. The services mostly run as docker containers but some directly on the OS. I could migrate to full docker.

I've got a WG VPN whose central node is the NAS. This is just for myself: for my desktop, laptop, smartphone. My ssh is exposed only on my LAN and on the VPN. I also started running my own DNS using unbound. Only the VPN clients use it and it's working great.

Except I can't use the unbound DNS for my NAS regular interface due to racing conditions during boot (e.g. I've got a custom service that retrieves decryption keys for my hard drives). I've tried playing with systemd's after/requires/etc but I never manage to get a clean boot if I want the NAS default DNS to use unbound.

So at this point and with this level of "complexity" (it's not really complex, but it's not simple anymore), I'm wondering if I should move to something like CoreOS to better compartmentise all these things?

In general, should I move my DNS server to a completely different physical device altogether?

Thank you for your advice.