Caddy on an Azure VM, `--accept-dns=false` cannot resolve host

Question - what is the proper way to configure DNS in an Azure VM so that Caddy can see Tailnet names?

Subquestion - Why does the Azure Linux VM KB say not to accept Tailscale DNS?

I’ve set up an Ubuntu 22.04.2 LTS VM in Azure using the direction in KB which says…

For Azure VMs it is generally best to let Azure handle the DNS configuration, not have Tailscale override it, so we added --accept-dns=false.

And I’m dutifully configuring tailscale with --advertise-routes=, --accept-dns=false .

On this VM, I wish to run code-server behind caddy, using the following reference - Coding on iPad using VSCode, Caddy, and code-server

My Caddyfile is as follows…

# bind to TS name for private use only.
    default_bind <machine-name>.<tailnet-name>

<machine-name>.<tailnet-name> {

The Caddy service fails to start and has the message
Status: "loading new config: http app module: start: listening on <machine-name>.<tailnet-name> listen tcp: lookup <machine-name>.<tailnet-name> on no such host"
This makes sense, I suppose, since I’ve told this machine not to accept the Tailscale DNS.

What’s the right way to handle this?

Further diagnostics

admin@test-dev:~$ resolvectl status
       Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub

Link 2 (eth0)
    Current Scopes: DNS
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server:
       DNS Servers:
        DNS Domain:

Link 4 (tailscale0)
Current Scopes: none
     Protocols: +DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

admin@test-dev:~$ resolvectl query test-dev
test-dev:                               -- link: eth0

-- Information acquired via protocol DNS in 54.5ms.
-- Data is authenticated: no; Data was acquired via local or encrypted transport: no
-- Data from: network

admin@test-dev:~$ resolvectl query resolve call failed: '' not found

Thank you in advance for your help