I'm not entirely worried about the occasional stray device trying to bypass with DoH or something, at least it's using encrypted DNS, but I'd like to make sure as many devices behind the network are adblocked as possible.
Based on the network and dhcp configs you posted, the router should be using its own dnsmasq (127.0.0.1 in resolv.conf) and dnsmasq should be pointing to your ISP's DNS servers provided by wan DHCP (check /tmp/resolv.conf.d/resolv.conf.auto). If that file is empty, that could explain your issues.
Using an external pihole dns resolver is not very common, so you may need to have some patience before people who have enough expertise to help you respond. @dave14305 is definitely one of them, I am definitely not.
If you want to have a config backup while experimenting, just copy your config files:
mkdir -p /root/cfg-backup
cp /etc/config/dhcp /root/cfg-backup/
cp /etc/config/firewall /root/cfg-backup/
cp /etc/config/network /root/cfg-backup/
To restore the backup versions:
cp /root/cfg-backup/dhcp /etc/config/
cp /root/cfg-backup/firewall /etc/config/
cp /root/cfg-backup/network /etc/config/
And restart the services:
service network restart
service firewall restart
service dnsmasq restart    # /etc/config/dhcp is read by dnsmasq; there is no "dhcp" init script
Hey, this is cool as heck, that will save me dropping to default whenever I break it (I have my initial install down to like 5 minutes start to end lol).
I totally hear you about the patience thing, I have an abundance, I just keep adding data as I think of it. I'm not the greatest at figuring out how to ask the correct questions to get myself in the direction I actually want to go.