I’m not an expert in AiO but AFAIK there is nothing special - vanilla Docker DNS, you can check running following commands on the host shell (if you run plain Docker skip the “compose” and add user -u 33 if required):
docker compose exec {containername} php -r "var_dump(dns_get_record('nextcloud.com', DNS_A ) ) ;"
docker compose exec {containername} php -r "var_dump(dns_get_record('nextcloud.com', DNS_AAAA ) ) ;"
docker compose exec {containername} php -r "var_dump(dns_get_record('nextcloud.com', DNS_MX ) ) ;"
docker compose exec {containername} php -r "echo gethostbyname('app');"
running the system behind reverse proxy results in all internal office requests going trhough the internet which is no ideal from networking PoV - look here to see on possible solution Probably DNS help with NC Docker + Collabora + Wireguard tunnel
I’m not sure I misunderstand your statement but in general I would not route internal traffic to the external IP but rather to the internal/DMZ IP of the reverse proxy… and definitely avoid NAT if possible.