diff --git a/manifests/authentik/authentik-middleware.yaml b/manifests/authentik/authentik-middleware.yaml
index d55d49e..6454c4e 100644
--- a/manifests/authentik/authentik-middleware.yaml
+++ b/manifests/authentik/authentik-middleware.yaml
@@ -10,6 +10,12 @@ spec:
 forwardAuth:
 address: http://authentik-proxy-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik
 trustForwardHeader: true
+ authRequestHeaders:
+ - Cookie
+ - X-Forwarded-Host
+ - X-Forwarded-Proto
+ - X-Forwarded-Uri
+ - X-Forwarded-For
 authResponseHeaders:
 - X-authentik-username
 - X-authentik-groups
diff --git a/manifests/core/coredns-custom.yaml b/manifests/core/coredns-custom.yaml
new file mode 100644
index 0000000..781273e
--- /dev/null
+++ b/manifests/core/coredns-custom.yaml
@@ -0,0 +1,15 @@
+# Apply: kubectl apply -f manifests/core/coredns-custom.yaml
+# Delete: kubectl delete -f manifests/core/coredns-custom.yaml
+# Description: CoreDNS custom ConfigMap to forward .home.arpa DNS queries to Pihole at 192.168.7.77.
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: coredns-custom
+ namespace: kube-system
+data:
+ home.arpa.server: |
+ home.arpa:53 {
+ errors
+ cache 30
+ forward . 192.168.7.77
+ }
diff --git a/manifests/network/traefik-dashboard-ingress.yaml b/manifests/network/traefik-dashboard-ingress.yaml
index 0c4f8a8..5ac7d76 100644
--- a/manifests/network/traefik-dashboard-ingress.yaml
+++ b/manifests/network/traefik-dashboard-ingress.yaml
@@ -9,6 +9,7 @@ metadata:
 spec:
 entryPoints:
 - websecure
+ - traefik
 routes:
 - match: Host(`traefik.home.arpa`) && PathPrefix(`/outpost.goauthentik.io`)
 kind: Rule
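Review bot: The X-Forwarded-* entries added to `authRequestHeaders` are only as trustworthy as whatever sits in front of Traefik, because the context line just above keeps `trustForwardHeader: true`, which lets values supplied on the incoming request reach the outpost. If Traefik is the first hop for any client, those headers are client-controlled input to the auth decision; either set `trustForwardHeader: false` or confirm that the entrypoints restrict `forwardedHeaders.trustedIPs` (not visible in this diff). The allowlist also stops `Authorization` from reaching the outpost, which is fine if only cookie sessions are expected but deserves a comment such as `# only the session cookie and forwarding metadata go to the outpost; Authorization is intentionally dropped`.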
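Review bot: The header comment in coredns-custom.yaml does not say what makes the cluster load this ConfigMap: a `coredns-custom` ConfigMap with `*.server` keys only takes effect when the main Corefile imports it (k3s ships such an import; whether this cluster does is not visible here), so the description should state that dependency. The server block also has a single upstream, so every `home.arpa` lookup from pods fails while 192.168.7.77 is down, and in-cluster clients trust that host's answers for these names. A line such as `# single upstream: in-cluster home.arpa resolution depends on Pi-hole availability` would make that explicit.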
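Review bot: Adding `- traefik` to `entryPoints` makes every route of this IngressRoute reachable on Traefik's internal API/dashboard entrypoint as well, and only the outpost route is visible in the hunk, so it cannot be confirmed from here that the remaining routes carry the authentik middleware. That entrypoint is normally plain HTTP, so session cookies sent over it would not have the transport protection they get on `websecure`; confirm it is not exposed beyond the cluster. A short comment stating the reason would help, e.g. `# traefik entrypoint needed for <reason>; must stay cluster-internal`. The spec continues outside the hunk.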