Tailscale> Set pihole machine/s as a nameserver/s> tailscale always on> use tailscale DNS... Profit?
Pi-hole
The Pi-hole® is a DNS sinkhole that protects your devices from unwanted content without installing any client-side software.
I'm not familiar with Tailscale, but I assume it would only route DNS requests through the VPN just like the docs' solution does, doesn't it?
You can set a machine to be an exit node and route all traffic through it. Set it as a subnet router and you have your home network but everywhere.
I was implementing tailscale anyway so it was very little effort to add my pihole lxc+machine to it.
Note, I'm an advanced beginner. My homelab is other people's projects bolted together with scotch tape and best practice violations. Take the key words as Google recommendations only.
You can accomplish the same with any VPN solution that supports split tunneling.
WireGuard, Cloudflared, nginx, done.