Google devices (so maybe apple ones as well) sometimes hard code the dns server so you need to redirect dns request to you local unbound instance with a firewall rule.
Google devices (so maybe apple ones as well) sometimes hard code the dns server so you need to redirect dns request to you local unbound instance with a firewall rule.
In short yes They all have their own key pair. Private and public Each client should know the “servers” public key. And the “server” should know the client’s public key(s)
2 potentials
ISP blocking Web hosting ports/traffic - often opt Out or flat out blocked for residential connections.
ISP using CGNAT so your “public ip” isn’t really public? But you got this far so i would guess you already know that.
For reference, the cgnat “public ip range” should be 100.64.0.0 to 100.127.255.255
If you do have cgnat i think maybe cloudflare tunnels, tailscale or a vps are your solutions.