I'm running pfSense with a DNS resolver and have a fairly extensive local network that has entries in my DNS resolver for resolving internal addresses.
I want to use PiHole on the side bc the family has complained about other ad blocking that was centralized inside of or issued by pfSense.
This way, I can point my DNS on my devices to PH and remove ads. If they want to deal with ads they can.
I'm expecting this to be simple:
If any DNS is pointed to PH, PH becomes the DNS resolver, but with a custom resolver list:
1.1.1.1
8.8.8.8
192.168.1.1
If lookups fail to the first 2 (which they will for local addresses), then 192.168.1.1 resolves those.
I don't want to have to copy what I have in my own site-wide DNS into the local DNS entries in PH.
Why can't it be this simple? Isn't this how DNS resolution is supposed to work to begin with?
Pi-hole has no impact on the order of DNS servers - its the clients that would decide on that.
If you present a client with a set of DNS servers, it may use any of them for a given DNS request at its own discretion, i.e. its the client OS's network name resolution stack that makes the decision if and which DNS server to use for a given request.
This means there is no guarantee that your client will send a given DNS request to 1.1.1.1 first before trying the others (unless you'd be able to enforce that by configuring your client OS's name resolution process).
You are correct in assuming that it if a DNS request to a chosen DNS server would fail, resolution would be attempted with another DNS server.
However, your 1.1.1.1 or 8.8.8.8 would not fail DNS resolution for a name that is only known locally.
Rather, they would provide a both correct as well as valid reply of NXDOMAIN, as the requested domain name doesn't exist in public DNS.
Do I understand you correctly that you want your family's devices to be able to resolve Local DNS records as defined via Pi-hole's UI, but without being filtered?
Please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal: