Pi-hole's Conditional Forwarding is unrelated to blocking, and it doesn't affect which DNS server your Windows workstations would use.
Your router's DHCP server is distributing two local DNS servers:
*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 10 seconds)
Scanning all your interfaces for DHCP servers
* Received 351 bytes from eth0:192.168.1.1
Offered IP address: 192.168.1.129
DHCP options:
Message type: DHCPOFFER (2)
router: 192.168.1.1
dns-server: 192.168.1.8
dns-server: 192.168.1.127
192.168.1.8
is your Pi-hole host.
That machine has to be the sole DNS server for your network.
Right now, clients may by-pass your Pi-hole via 192.168.1.127
Your clients are creating those queries, Pi-hole just answers them.
And in your case, your debug log shows you've configured a loop by having your Pi-hole forward allowed DNS queries to a host that in turn uses Pi-hole for DNS, which would amplify your query count.
*** [ DIAGNOSING ]: Pi-hole log
-rw-r----- 1 pihole pihole 11M Mar 6 04:19 /var/log/pihole/pihole.log
-----head of pihole.log------
Mar 6 00:00:08 dnsmasq[783]: query[PTR] 185.1.168.192.in-addr.arpa from 192.168.1.17
Mar 6 00:00:08 dnsmasq[783]: forwarded 185.1.168.192.in-addr.arpa to 192.168.1.17
Enabling Pi-hole's Conditional Forwarding closed that loop.
For the time being, you should disable it, or configure your 192.168.1.17
to not use Pi-hole for DNS.
You should perhaps consider adjusting your local DNS resoluton chain, e.g. like
client -> Pi-hole -> AD -> public DNS
Also, you may be affected by a specific misbehaviour of certain Apple devices, which relentlessly send out service discovery requests under unclear circumstances (like the lb._dns-sd._udp.xxx
ones appearing in your debug log).