Seems you also need the "bind-interfaces" directive:
pi@noads:~ $ cat /etc/dnsmasq.d/99-my-settings.conf
listen-address=::1,127.0.0.1,10.0.0.2
bind-interfaces
pi@noads:~ $ sudo systemctl restart pihole-FTL`
pi@noads:~ $ sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:471'
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:4711 0.0.0.0:* LISTEN 20645/pihole-FTL
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 8101/lighttpd
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 20645/pihole-FTL
tcp 0 0 10.0.0.2:53 0.0.0.0:* LISTEN 20645/pihole-FTL
tcp6 0 0 ::1:4711 :::* LISTEN 20645/pihole-FTL
tcp6 0 0 :::80 :::* LISTEN 8101/lighttpd
tcp6 0 0 ::1:53 :::* LISTEN 20645/pihole-FTL
udp 0 0 127.0.0.1:53 0.0.0.0:* 20645/pihole-FTL
udp 0 0 10.0.0.2:53 0.0.0.0:* 20645/pihole-FTL
udp 0 0 0.0.0.0:67 0.0.0.0:* 20645/pihole-FTL
udp6 0 0 ::1:53 :::* 20645/pihole-FTL
From the man page:
-z, --bind-interfaces
On systems which support it, dnsmasq binds the wildcard address, even when
it is listening on only some interfaces. It then discards requests that it
shouldn't reply to. This has the advantage of working even when interfaces
come and go and change address. This option forces dnsmasq to really bind
only the interfaces it is listening on. About the only time when this is
useful is when running another nameserver (or another instance of dnsmasq)
on the same machine. Setting this option also enables multiple instances
of dnsmasq which provide DHCP service to run in the same machine.