You should never expose a DNS server publicly. Connect to your VPS through a VPN like Wireguard.
Do you have a second DNS server configured in Windows which it could use as a fallback?
Dual-Stack is usually no problem, but going IPv6-only is a pain, because a suprising amount of services are v4 only. Even NAT64/DNS64 doesn’t help everywhere.
There is https://gitlab.com/flauncher/flauncher, which is working nicely
I’m using Authentik for SSO for a while and it has been great. It’s relatively easy to configure with many guides available.