Pi-Hole and IPFire, which way round?

This is what I have. PiHole (DNS) is non-DNSSEC and IPFire (DNS) has DNSSEC enabled.

no managed switches. I am using a Netgear GS-116 Unmanaged Switch.

Get pi-hole to work as expected on the green network first.

I’m not sure I understand your issue besides all is OK with OPNsense or OpenWRT and doesn’t work with IPFIre.

I’ve never used these before so I don’t know why the difference.