Cloudflare tunnels DNS is blocked, need help with split DNS

What is the name of the domain?

spidershomelab.xyz

What is the error number?

None given

What is the error message?

2025-04-07T10:06:38Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp: lookup traefik on 1.1.1.1:53: no such host" connIndex=3 event=1 ingressRule=3 originService=http://traefik/
2025-04-07T10:06:38Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp: lookup traefik on 1.1.1.1:53: no such host" connIndex=3 dest=https://nextcloud.spidershomelab.xyz/index.php/204 event=0 ip=198.41.200.233 type=http

What is the issue you’re encountering

Cloudflare tunnels

What steps have you taken to resolve the issue?

I tried a CoreDNS configuration, as well as other DNS configurations, as well as trying only adding Cloudflare's nameservers as my pod's nameserver, but then I lose the ability to locally resolve IPs on my cluster, as well as it behaving a bit weird with other pods, but DNS more importantly, which I need (the original issue is fixed in that case).
Extra information:
This issue is within my k8s config or within my k8s cluster, as I tested cf on the host and it runs fine. I either need help to fix the fundamental issue, or I would prefer if someone could send me a split-DNS configuration, as I already tried that and failed.

What are the steps to reproduce the issue?

The issue could potentially lie in my k8s configuration. Try it out, and try it with commenting in and out the nameserver. Also make sure you make an env ConfigMap with a Cloudflare tunnel token set:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: tunnel
  labels:
    app: tunnel
spec:
  replicas: 1
  selector:
    matchLabels:
      app: tunnel
  template:
    metadata:
      labels:
        app: tunnel
    spec:
#      dnsPolicy: None
#      dnsConfig:
#        nameservers:
#          - 1.1.1.1
#          - 10.43.0.10
#        searches:
#          - default.svc.cluster.local
      hostNetwork: true
      containers:
        - name: tunnel
          image: cloudflare/cloudflared:latest
          args:
            - tunnel
            - --no-autoupdate
            - run
          env:
            - name: TUNNEL_TOKEN
              valueFrom:
                configMapKeyRef:
                  name: env
                  key: CLOUDFLARE_TUNNEL_TOKEN
      restartPolicy: Always
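
The following is an added example, not part of the original post: the same Deployment with the DNS policy set for a host-network pod, since the log shows the `traefik` lookup going to 1.1.1.1:53 instead of the cluster DNS. It assumes the `traefik` Service is in the same namespace as the tunnel pod, and it also moves the tunnel token into a Secret whose name, `tunnel-token`, is hypothetical.

```yaml
# Added example: the Deployment from the post with two changes, marked CHANGED.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tunnel
  labels:
    app: tunnel
spec:
  replicas: 1
  selector:
    matchLabels:
      app: tunnel
  template:
    metadata:
      labels:
        app: tunnel
    spec:
      # Before: no dnsPolicy was set. With hostNetwork: true the default
      # ClusterFirst policy falls back to Default, so the pod inherits the
      # node's resolv.conf and asks 1.1.1.1 for "traefik".
      # CHANGED: send lookups to the cluster DNS first; it resolves Service
      # names itself and passes other names to its configured upstream.
      dnsPolicy: ClusterFirstWithHostNet
      hostNetwork: true
      containers:
        - name: tunnel
          image: cloudflare/cloudflared:latest
          args:
            - tunnel
            - --no-autoupdate
            - run
          env:
            - name: TUNNEL_TOKEN
              valueFrom:
                # CHANGED: read the token from a Secret, not a ConfigMap,
                # so access to it can be restricted separately via RBAC.
                secretKeyRef:
                  name: tunnel-token  # hypothetical Secret name
                  key: CLOUDFLARE_TUNNEL_TOKEN
      restartPolicy: Always
```

If the Service lives in another namespace, the tunnel's origin URL needs the namespaced name (`traefik.<namespace>.svc.cluster.local`), because the pod's search path only covers its own namespace.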