This might be a corner case, but I have faced it and it caused a bigger issue, hence I am trying to find out how to approach the problem in the best way.
The Pihole dnsmasq component is set to query a specific server in the case of a given domain: server=/privatedomain/192.168.5.5
That server is sometimes not responding in time (as the connection depends on the VPN and a couple of other details).
In such a case, Pihole shouldn't respond to queries about hosts within this domain with its own IP but simply return "not found: 3(NXDOMAIN)"; unfortunately, with the default setup it comes back with its local IP, as would be the case for blocking an ad host (just an educated guess from my end).
How to get Pihole to behave?
Problems... well, because it redirects to the local web server, it causes a whole set of other issues in apps using servers via web on the other end, up to the point of having to remove the cache from within the app, which is painful, to say the least, for a typical mobile user.
@jfb, I appreciate the suggestion, though the question is how to make sure that in the case of an unresolvable (NXDOMAIN) host/fqdn, the Pi doesn't provide a response with its own IP, but in fact provides exactly the NXDOMAIN.
This is outside of Ad blocking portion and settings which are fine for hosts it can resolve.
Expected behavior is the least misleading and most effective in any type of scenario.
@Coro - would you mind expanding on the thought? Just to be clear from my end - I don't want to alter Pihole functionality for Ad blocking, as for an existing fqdn which Pihole can resolve and which is for the Ad server - it is correct to replace it with the Pihole IP, but not for an fqdn Pihole itself can't resolve, as in such a case it should respond with NXDOMAIN.
The question then remains open: why didn't it return NXDOMAIN for the fqdn which it could not resolve to anything, even in the worst case 0.0.0.0?
Where to look for the issue - in which area of configuration (dnsmasq?)