S.O.B!
Found it, everyone. It's not Pi-Hole, it's (trumpets at the ready) AVAST Anti-Virus, so it's indirectly Windows.
Shows I have a route to a DNS (which isn't reported by Windows using ifconfig) controlled by Avast - which they call "Realsite".
I'm going to turn it off and see what happens because it's effectively bypassing all the protection I'm used to from Pi-Hole (which is a lot, thanks to you folks). Ironically, I just got hammered by one of those phone hijack systems that pretends to be a "safe" site but connects you through their automated system and charges you a boatload.
So a lot of use that was! I'll let Avast know about this "bug" but I thought you folks would find this interesting. I don't know how safe "whatsmydnsserver" is but it didn't ask for anything special from me.