So that clarified it reads you’re all set if you just want the Beryl AX to pass packets transparently as a router while it handles DHCP tasks. Public Internet DNS queries are to be forwarded to Cloudflare.
I’d enable the toggles for DNS Rebind Attacks & Override DNS Settings for All Clients but that’s just me (GL GUI → Network → DNS). There’s ways malware & malicious actors can bypass your DNS provider.
That’s sage advice that applies to more than just technology.
I’ll never not recommend anyone to not have a diagram of one’s network topology. These things have a way of ‘growing tendrils’ over time.
… & always have a backup or three.