Oh god, oh god, oh god.
I can only urge you very very very strongly to never break a TLS connection. Never use DNS servers that you do not trust and certainly refrain from using any software like Pi-Hole where the authors do not even understand how badly they are breaking DNSSEC.
We are spending a lot of time here at IPFire to make things as secure as we can. Please do not break it with such bad decisions. At least be aware of what you are doing.
Use the proxy in non-transparent mode. That is all you will need. On top of that, you can enable Safe Search which will come with the next update.