DNS would typically be Pi-hole (https://pi-hole.net/) or Adguard Home (AdGuard Home | Network-wide software for any OS: Windows, macOS, Linux), with some interest in Technitium DNS (Technitium DNS Server | An Open Source DNS Server For Privacy & Security).
Firewalling - OpnSense/pfSense (essentially, running a FreeBSD VM - there’s a tutorial already LXD pfsense VM installation )
Apart from Caddy, Nginx Proxy Manager (https://nginxproxymanager.com/) and Traefik (https://nginxproxymanager.com/)
And the number one, all time winner : how to run Docker in a LXC. Worth updating the guidance given the changes in ZFS, and previously the information was a bit disperate.