diff --git a/apps/fc-llm-bridge/fc-llm-bridge.yaml b/apps/fc-llm-bridge/fc-llm-bridge.yaml
index 1ff5351..df080af 100644
--- a/apps/fc-llm-bridge/fc-llm-bridge.yaml
+++ b/apps/fc-llm-bridge/fc-llm-bridge.yaml
@@ -207,6 +207,17 @@ spec:
               port: 8080
             initialDelaySeconds: 15
             periodSeconds: 30
+      # Lower ndots so external FQDNs like api.anthropic.com are tried BEFORE
+      # the ndots:5 default expands them through the cluster search path, which
+      # includes iamworkin.lan. CoreDNS has a `template IN A iamworkin.lan`
+      # wildcard that answers `api.anthropic.com.iamworkin.lan` with the
+      # Traefik VIP, which then serves a TRAEFIK-DEFAULT-CERT TLS cert and
+      # breaks egress to the real Anthropic API (memory:
+      # feedback_coredns_ndots_template_collision, generalized to external DNS).
+      dnsConfig:
+        options:
+          - name: ndots
+            value: "2"
       volumes:
         - name: data
           persistentVolumeClaim: