This is what I have. PiHole (DNS) is non-DNSSEC and IPFire (DNS) has DNSSEC enabled.
no managed switches. I am using a Netgear GS-116 Unmanaged Switch.
Get pi-hole to work as expected on the green network first.
I’m not sure I understand your issue besides all is OK with OPNsense or OpenWRT and doesn’t work with IPFIre.
I’ve never used these before so I don’t know why the difference.