dns
Set the DNS processing mode. If the key is unspecified, default is used, unless /etc/resolv.conf is a symlink to /run/systemd/resolve/stub-resolv.conf, /run/systemd/resolve/resolv.conf, /lib/systemd/resolv.conf or /usr/lib/systemd/resolv.conf. In that case, systemd-resolved is chosen automatically.
default: NetworkManager will update /etc/resolv.conf to reflect the nameservers provided by currently active connections.
dnsmasq: NetworkManager will run dnsmasq as a local caching nameserver, using "Conditional Forwarding" if you are connected to a VPN, and then update resolv.conf to point to the local nameserver. It is possible to pass custom options to the dnsmasq instance by adding them to files in the "/etc/NetworkManager/dnsmasq.d/" directory. Note that when multiple upstream servers are available, dnsmasq will initially contact them in parallel and then use the fastest to respond, probing again other servers after some time. This behavior can be modified passing the 'all-servers' or 'strict-order' options to dnsmasq (see the manual page for more details).
Cannot repair my pihole. It states:
[✓] Update local cache of available packages
[i] Existing PHP installation detected : PHP version 7.3.19-1~deb10u1
[i] Repair option selected
[✓] Disk space check
[✓] Checking apt-get for upgraded packages... 12 updates available
[i] It is recommended to update your OS after installing the Pi-hole!
[i] Installer Dependency checks...
[i] Checking for dhcpcd5 (will be installed)
[✓] Checking for git
[✓] Checking for iproute2
[✓] Checking for whiptail
[✓] Checking for dnsutils
[i] Processing apt-get install(s) for: dhcpcd5, please wait...
------------------------------------------------------------------------------------------------------------------------
E: Package 'dhcpcd5' has no installation candidate
As for dnsmasq, looking at it now
Yeah was afraid of that.
EDIT: at least it won't get installed
Delete the apt file you've created and run sudo apt update to revert.
but but but, that will reinstall dhcpcd5!
Ok, I am setting
sudo nano /etc/NetworkManager/NetworkManager.conf
[main]
plugins=ifupdown,keyfile
dns=none
Maybe it suffices to just disable dhcpcd5 so it won't conflict with NM:
sudo systemctl disable dhcpcd
EDIT: and also reboot to be sure and check:
sudo systemctl status dhcpcd
It is inactive indeed:
pi@raspberrypi:~ $ sudo systemctl status dhcpcd
● dhcpcd.service - dhcpcd on all interfaces
Loaded: loaded (/lib/systemd/system/dhcpcd.service; disabled; vendor preset:
Active: inactive (dead)
lines 1-3/3 (END)
So NM is still in charge, that is good. But pihole is still relying on dhcpcd?
However, pihole is still not running:
DNS service not running
and
FTL offline
As for dnsmasq and NM, I have added the dns=none in NM's conf and can no longer exit to the internet (because my VNC says that I am in Service mode so it does not resolve)
Below is even more powerful than disabling:
sudo systemctl mask dhcpcd
Yes, but dhcpcd can't interfere anymore.
Check with netstat if dnsmasq is really killed now.
Ok, done it (no idea how to delete the symlink afterwards)
Pfff, no:
pi@raspberrypi:~ $ sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:547 \|:471[1-8] '
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1075/lighttpd
tcp 0 0 192.168.0.39:53 0.0.0.0:* LISTEN 604/dnsmasq
tcp6 0 0 :::80 :::* LISTEN 1075/lighttpd
udp 0 0 192.168.0.39:53 0.0.0.0:* 604/dnsmasq
udp 0 0 0.0.0.0:67 0.0.0.0:* 604/dnsmasq
pi@ph5:~ $ man systemctl
[..]
mask UNIT...
Mask one or more units, as specified on the command line.
This will link these unit files to /dev/null, making it
impossible to start them. This is a stronger version of
disable, since it prohibits all kinds of activation of the
unit, including enablement and manual activation. Use this
option with care. This honors the --runtime option to only
mask temporarily until the next reboot of the system. The
--now option may be used to ensure that the units are also
stopped. This command expects valid unit names only, it
does not accept unit file paths.
unmask UNIT...
Unmask one or more unit files, as specified on the command
line. This will undo the effect of mask. This command
expects valid unit names only, it does not accept unit file
paths.
[..]
Need to kill it
Done
pi@raspberrypi:~ $ sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:547 \|:471[1-8] '
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1075/lighttpd
tcp 0 0 192.168.0.39:53 0.0.0.0:* LISTEN 1891/dnsmasq
tcp6 0 0 :::80 :::* LISTEN 1075/lighttpd
udp 0 0 192.168.0.39:53 0.0.0.0:* 1891/dnsmasq
udp 0 0 0.0.0.0:67 0.0.0.0:* 1891/dnsmasq
pi@raspberrypi:~ $ kill 1891
bash: kill: (1891) - Operation not permitted
pi@raspberrypi:~ $ sudo kill 1891
pi@raspberrypi:~ $ sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:547 \|:471[1-8] '
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1075/lighttpd
tcp6 0 0 :::80 :::* LISTEN 1075/lighttpd
Start her up:
sudo systemctl restart pihole-FTL
And check netstat.
I think you did it:
pi@raspberrypi:~ $ sudo systemctl status pihole-FTL
● pihole-FTL.service - LSB: pihole-FTL daemon
Loaded: loaded (/etc/init.d/pihole-FTL; generated)
Active: active (exited) since Tue 2020-07-21 00:41:24 CEST; 3s ago
Docs: man:systemd-sysv-generator(8)
Process: 2294 ExecStart=/etc/init.d/pihole-FTL start (code=exited, status=0/SUCCESS)
Jul 21 00:41:24 raspberrypi systemd[1]: Starting LSB: pihole-FTL daemon...
Jul 21 00:41:24 raspberrypi pihole-FTL[2294]: Not running
Jul 21 00:41:24 raspberrypi su[2318]: (to pihole) root on none
Jul 21 00:41:24 raspberrypi su[2318]: pam_unix(su:session): session opened for user pihole by (uid=0)
Jul 21 00:41:24 raspberrypi pihole-FTL[2294]: FTL started!
Jul 21 00:41:24 raspberrypi su[2318]: pam_unix(su:session): session closed for user pihole
Jul 21 00:41:24 raspberrypi systemd[1]: Started LSB: pihole-FTL daemon.
pi@raspberrypi:~ $ sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:547 \|:471[1-8] '
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:4711 0.0.0.0:* LISTEN 2326/pihole-FTL
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1075/lighttpd
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 2326/pihole-FTL
tcp6 0 0 ::1:4711 :::* LISTEN 2326/pihole-FTL
tcp6 0 0 :::80 :::* LISTEN 1075/lighttpd
tcp6 0 0 :::53 :::* LISTEN 2326/pihole-FTL
udp 0 0 0.0.0.0:53 0.0.0.0:* 2326/pihole-FTL
udp6 0 0 :::53 :::* 2326/pihole-FTL
That's a healthy netstat:
pi@ph5:~ $ sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:547 \|:471[1-8] '
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:4711 0.0.0.0:* LISTEN 7412/pihole-FTL
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 14030/lighttpd
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 7412/pihole-FTL
tcp6 0 0 ::1:4711 :::* LISTEN 7412/pihole-FTL
tcp6 0 0 :::80 :::* LISTEN 14030/lighttpd
tcp6 0 0 :::53 :::* LISTEN 7412/pihole-FTL
udp 0 0 0.0.0.0:53 0.0.0.0:* 7412/pihole-FTL
udp6 0 0 :::53 :::* 7412/pihole-FTL
So now I have to find out how to kill dnsmasq, or how to keep dnsmasq from loading while booting up. Ok.
pi@raspberrypi:~ $ ps awx | grep dns
604 ? S 0:00 /usr/sbin/dnsmasq --conf-file=/dev/null --no-hosts --keep-in-foreground --bind-interfaces --except-interface=lo --clear-on-reload --strict-order --listen-address=192.168.0.39 --dhcp-range=192.168.0.48,192.168.0.254,60m --dhcp-option=option:router,192.168.0.39 --dhcp-lease-max=50 --dhcp-leasefile=/var/lib/NetworkManager/dnsmasq-eth0.leases --pid-file=/run/nm-dnsmasq-eth0.pid --conf-dir=/etc/NetworkManager/dnsmasq-shared.d
1822 pts/0 S+ 0:00 grep --color=auto dns
My guess is that NM is using the conf-dir=/etc/NetworkManager/dnsmasq-shared.d
sudo grep dns= -R /etc/NetworkManager/
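The netstat check used throughout the thread can be scripted. The following is an added example, not code from the thread or from the Pi-hole project: it reports which program holds the DNS and DHCP ports and flags any port-53 owner other than pihole-FTL. The function names are the example's own, and the sample lines are copied from the listings above.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): find which program holds a port in
# `netstat -nltup` output and flag a port-53 owner other than pihole-FTL.

# Sample input: lines copied from the thread's listings, before and after
# the dnsmasq instance was killed and pihole-FTL was restarted.
before='tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1075/lighttpd
tcp 0 0 192.168.0.39:53 0.0.0.0:* LISTEN 604/dnsmasq
tcp6 0 0 :::80 :::* LISTEN 1075/lighttpd
udp 0 0 192.168.0.39:53 0.0.0.0:* 604/dnsmasq
udp 0 0 0.0.0.0:67 0.0.0.0:* 604/dnsmasq'
after='tcp 0 0 127.0.0.1:4711 0.0.0.0:* LISTEN 2326/pihole-FTL
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 2326/pihole-FTL
tcp6 0 0 :::53 :::* LISTEN 2326/pihole-FTL
udp 0 0 0.0.0.0:53 0.0.0.0:* 2326/pihole-FTL
udp6 0 0 :::53 :::* 2326/pihole-FTL'

# port_owners PORT: read netstat lines on stdin and print the unique
# "pid/program" entries bound to PORT. The local address is field 4; the
# port is whatever follows its last colon (this also handles ":::53").
port_owners() {
    awk -v port="$1" '
        $1 ~ /^(tcp|udp)6?$/ {
            n = split($4, a, ":")
            if (a[n] == port) print $NF
        }' | sort -u
}

# dns_conflict: succeed (exit 0) when something other than pihole-FTL
# is bound to port 53 in the netstat lines on stdin.
dns_conflict() {
    port_owners 53 | grep -v '/pihole-FTL$' | grep -q .
}

# report LABEL LINES: print the owners of the DNS and DHCP server ports.
report() {
    for port in 53 67; do
        owners=$(printf '%s\n' "$2" | port_owners "$port" | tr '\n' ' ')
        printf '%s: port %s: %s\n' "$1" "$port" "${owners:-free}"
    done
    if printf '%s\n' "$2" | dns_conflict; then
        printf '%s: port 53 is held by another resolver\n' "$1"
    fi
}

report before "$before"
report after "$after"
```

On a live system, pipe `sudo netstat -nltup` into `port_owners` or `dns_conflict` instead of using the sample variables.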