If all traffic is going through your homelab you can make the vpn clients use a vpn specific DNS server or the one suggested with resolving per origin, you then make the external names to your services to resolve to the servsrs’ internal IP addresses, avoiding going out. Another way is to add rules to your gateway to redirect internal traffic going to your external IP addresses to DNAT to the internal addresses but in order for that to work you need to masquerade them which means server logs will have gateway’s IP.