Hmm, caching has never caused problems with split DNS for me, but it’s really hard to debug what was going on with your setup. Split DNS is really common and is the preferred way to solve this, so most browsers have logic to handle it. You might have had something misconfigured, but unfortunately it’s really hard to diagnose.
AKA, split DNS. Doing it this way is a bit cleaner than hairpin NAT as mentioned in other comments, but both options work fine in a home network.
Hardware backdoors are also possible in the silicon, and are probably some of the most dangerous. Fortunately also probably some of the most sophisticated and difficult to introduce.
Not fully, there are still places a backdoor could be hidden (and that’s disregarding the possibility of backdoors in OpenWRT, which just recently fended off its own supply chain attack), but I’d sure trust it more.
The thing to keep in mind is that the more sophisticated and difficult to detect a backdoor is, the more valuable it is. And therefore, the less likely it is to ever be used against a normal person. So getting rid of blatantly buggy and insecure software, which TP-Link unfortunately has a bit of a reputation for, goes a long way. And not to pick on TP-Link, evidence suggests many/most home routers are riddled with vulnerabilities.
Impossible to say, could be the app is doing something funky, could be iOS, could be lotta things.
I will note, my preferred solution is to do none of the above, and I only do split DNS for one particular service. I much prefer just using an always on Wireguard VPN that is set to only route traffic to my internal subnets and to use my internal DNS server. Then I just use internal names. Wireguard basically runs at line rate on my setup, so half the time I don’t even turn it off at home. This also gives you the option to use DNS ad blocking (eg adguard) on the go.