A friend had a Roku and it had its own DNS hardcoded in. The only way around that was to firewall it on the router and redirect to the Pi-hole, but alas he lacked any hardware that could do that, so the Roku bypassed his Pi-hole all the time.
If you cannot leave the second DNS blank and cannot set it to another local IP, nor disable DHCP entirely, then speak with your ISP and get something else that's usable. Check your mobile devices and make sure they're not secretly adding Google's DNS in; for example the OPPO does that, also OnePlus.