No, there is no need for a DNS server on the router. Or for a DNS server in your local network. The router filters without any DNS involvement.
Most routers have an inbuilt function for that. If internally this is handled by a small DNS server, that I don’t know, but you don’t need to install your own DNS server in any way, neither on the router, nor as a standalone like Pi-Hole or AdGuard.
So, you freely admit you don’t know, but continue to make declarative, absolute statements.
You’re right, my 30 years of doing networks pales in comparison to your expertise.
Another one for the list, I guess.
Yes, please, I’ve done the same! 
Does not work here. I think I have docker installation (VM inside Debian host).
I use SSH addon and there I am logged as root and my home directory is /root/homeassistan, I put both certs under that directory and set path in config:
http:
ssl_certificate: /config/fullchain.pem
ssl_key: /config/privkey.pem
When I try to use https I get response: “This site can’t provide a secure connection” and this is in the HA log:
[core-ssh homeassistant]$ tail -f home-assistant.log
Traceback (most recent call last):
File "/usr/local/lib/python3.12/site-packages/aiohttp/web_protocol.py", line 350, in data_received
messages, upgraded, tail = self._request_parser.feed_data(data)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "aiohttp/_http_parser.pyx", line 557, in aiohttp._http_parser.HttpParser.feed_data
aiohttp.http_exceptions.BadStatusLine: 400, message:
Invalid method encountered:
b'\x16\x03\x01\x06\xd6\x01'
@kgolding Kevin thanks so much for doing this.
Quick question
When generating the required certificates do you enter 192.x.x.x:8123 or just 192.x.x.x
Thanks!
Neither. Certificates are issued to FQDNs, not ip addresses.