Restrict all dns queries to local server only

I currently have all my DNS queries being restricted to only allow my router to send DNS responses. This way clients can't bypass my dns server by specifying their own DNS address.

config redirect 'dns_int'
        option name 'Intercept-DNS'
        option src 'lan'
        option src_dport '53'
        option family 'ipv4'
        option proto 'tcp udp'
        option target 'DNAT'
iptables-save -t nat | sed -e "/\s[DS]NAT\s/d;/\sMASQUERADE$/d" | ip6tables-restore -T nat

This works perfectly right now! My question is, is there a way I can let 1 particular client still have the ability to query external dns servers?

primary router/primary dns:
secondary ap/seconday dns:

I have a second router that's setup as a backup ap/dns server.


You can, but not from Luci.

Check the rules I have to allow Pihole to query internet.