From your description it should work and without logs it’s hard to know what is wrong. I could think of caching when your browser or OS keep connecting with the previous public IP for some time.. maybe they even ignore the local DNS (keyword DNS-over-HTTP).
If you want to understand what happens perform systematical troubleshooting
- check DNS (you did already)
- clear DNS cache (don’t forget you router’s DNS cache)
- review browser console logs (F12) to see which IP it uses
- review server and reverse proxy logs
In general I would not recommend to follow your approach. fiddling with ports on a regular base sounds complicated (and introduces issues with letsencrypt if the system is not accessible for certificate refresh). I would rather recommend you follow reasonable security recommendations How to maintain, check and improve the security of your Nextcloud installation and optionally use security tool like fail2ban or crowdsec and definitely don’t forget 101: backup what and why (not how) - this should be “secure enough” for most installations.