bitboy111 What am I goofing up?
While Oggyo has the correct suggestion, the official GrapheneOS docs say:
If you're using a VPN, we recommended against having a Private DNS server configured. If you want to filter traffic while using a VPN, use a VPN service app able to do both such as RethinkDNS. Private DNS also interacts strangely with multiple profiles since each profile has their own VPN configuration but Private DNS is global. Either leave Private DNS on the default Automatic mode or set it to disabled when using VPNs.
So if you would still like to use your private DNS on LAN, you should set Private DNS to disabled in GrapheneOS. Then configure your DHCP server on your LAN to assign your private DNS server IP as a DNS server to your client devices. And then follow Oggyo's instructions from the previous post.
Also, using a VPN with a custom DNS server may contribute to fingerprinting, because you stand out from other VPN users. See here:
Apps and web sites can detect the configured DNS servers by generating random subdomains resolved by querying their authoritative DNS server. This can be used as part of fingerprinting users. If you're using a VPN, you should consider using the standard DNS service provided by the VPN service to avoid standing out from other users.
To sum up, if you use a VPN, it's recommended to stick with VPN-provided DNS servers so you look like everybody else who uses the same VPN server.
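
Added example, not part of the post above or of the GrapheneOS documentation: an offline simulation of the resolver check the quoted documentation describes, showing why one visitor with a custom DNS server stands out among visitors sharing a VPN exit IP. The log layouts, tokens and IP addresses (documentation ranges) are constructed for illustration.

```python
from collections import Counter

# Constructed sample data, not real logs.
# Web server log: (random label handed to the visitor, client IP seen = VPN exit)
WEB_LOG = [
    ("k3f9a", "203.0.113.10"),
    ("p7c2d", "203.0.113.10"),
    ("z1x8q", "203.0.113.10"),
    ("m4t6w", "203.0.113.10"),
]
# Authoritative DNS log for the same zone:
# (random label queried, source IP of the recursive resolver that asked)
DNS_LOG = [
    ("k3f9a", "203.0.113.53"),  # VPN provider's resolver
    ("p7c2d", "203.0.113.53"),
    ("z1x8q", "203.0.113.53"),
    ("m4t6w", "198.51.100.7"),  # custom resolver
]

def resolver_by_token(dns_log):
    """Map each random label to the resolver that queried the authoritative server."""
    return {token: resolver for token, resolver in dns_log}

def anonymity_sets(web_log, dns_log):
    """Return {token: number of visitors sharing the same (exit IP, resolver) pair}."""
    seen = resolver_by_token(dns_log)
    # A label absent from the DNS log maps to resolver None.
    pairs = {tok: (exit_ip, seen.get(tok)) for tok, exit_ip in web_log}
    counts = Counter(pairs.values())
    return {tok: counts[pair] for tok, pair in pairs.items()}

def standouts(web_log, dns_log):
    """Tokens whose (exit IP, resolver) pair is unique among all visitors."""
    sets = anonymity_sets(web_log, dns_log)
    return sorted(tok for tok, size in sets.items() if size == 1)

if __name__ == "__main__":
    for tok, size in anonymity_sets(WEB_LOG, DNS_LOG).items():
        print(f"visitor {tok}: shares exit IP + resolver with {size} visitor(s)")
    print("unique visitors:", standouts(WEB_LOG, DNS_LOG))
```

All four visitors share one exit IP, but only the three using the provider's resolver blend together; switching the fourth entry to the provider's resolver empties the list of unique visitors.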