You can set up nginx as a reverse proxy to your home IP, and then limit the traffic on your home IP to the VPS IP.
You can also set up a WireGuard VPN between the VPS and your home machine, so the traffic between the VPS and your home machine is encrypted.
For DNS you just point to the VPS and manage connections there, and on the home network allow only the VPS IP to connect. Then manage your security on the VPS.
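
A sketch of the VPS-side nginx configuration for the layout described above, added here as an example and not part of the original post. The hostname, certificate paths, tunnel addresses (10.8.0.1 for the VPS, 10.8.0.2 for the home machine) and port 8080 are assumed placeholder values.

```nginx
# VPS side, e.g. /etc/nginx/conf.d/home.conf (hypothetical path).
# Assumed values, not from the post:
#   app.example.com  DNS name whose A record points at the VPS
#   10.8.0.2:8080    home machine's WireGuard address and service port
# On the home machine, bind the service to 10.8.0.2 only, or firewall the
# port so that only the VPS tunnel address (10.8.0.1) may connect.

# Redirect plain HTTP for the published name to HTTPS.
server {
    listen 80;
    server_name app.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name app.example.com;

    ssl_certificate     /etc/ssl/example/fullchain.pem;  # placeholder path
    ssl_certificate_key /etc/ssl/example/privkey.pem;    # placeholder path

    location / {
        # Upstream is reached through the WireGuard tunnel, so the hop from
        # the VPS to the home machine is encrypted even though it is http://.
        proxy_pass http://10.8.0.2:8080;
        proxy_http_version 1.1;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_connect_timeout 5s;   # fail fast if the tunnel is down
    }
}

# Catch-all: requests for any other Host name are never forwarded home.
server {
    listen 80 default_server;
    listen 443 ssl default_server;
    server_name _;
    ssl_reject_handshake on;   # requires nginx 1.19.4 or later
    return 444;                # close the connection without a response
}
```

Because the home service sees every request as coming from the VPS tunnel address, the original client address is only available from the `X-Real-IP` and `X-Forwarded-For` headers set here.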