If client DNS is set to Pi-hole's IP address
Since the client and Pi-hole are in the same network, DNS traffic is sent directly to Pi-hole and does not pass through layer 3 (the IP layer) of Gold. Therefore, DNS interception on Gold will not take effect and DNS-based features will not work.
If client DNS is set to Gold's LAN IP
DNS traffic from the client will first be sent to Gold, so all DNS-based features will work. If a query misses the DNS cache on Gold, it is forwarded to Pi-hole in the local network for resolution.
Don't want to change the DNS settings on every client?
Here is an alternative way to make domain blocking work with Pi-hole in the network:
Create another local network segment on the Firewalla Gold
Move the Pi-hole to the newly created network
Change the DNS server in the old network's DHCP options to the new IP address of the Pi-hole
Never change the WAN DNS on Firewalla Gold to Pi-hole unless you know what you are doing.
This way, all DNS traffic from other devices to Pi-hole will go through Gold and DNS-based features will work.
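The routing rule behind all three setups above can be checked against your own addressing plan. The following is an added example, not Firewalla's code; the function names and all IP addresses are constructed, and it assumes Gold is the default gateway for every local network.

```python
import ipaddress

def dns_path(client_if, dns_server, gold_lan_ips):
    """Classify how a client's DNS queries reach its configured server.

    client_if    -- client address with prefix, e.g. "192.168.1.50/24"
    dns_server   -- DNS server the client is configured to use
    gold_lan_ips -- Gold's own LAN addresses, one per local network
    """
    iface = ipaddress.ip_interface(client_if)
    server = ipaddress.ip_address(dns_server)
    gold = {ipaddress.ip_address(a) for a in gold_lan_ips}

    if server in gold:
        # Queries are addressed to Gold; it answers from cache or forwards.
        return "to-gold"
    if server in iface.network:
        # Same segment: delivered at layer 2, never routed by Gold.
        return "bypasses-gold"
    # Other segment: the client hands the packet to its gateway (assumed
    # to be Gold), which routes it and can apply DNS-based features.
    return "routed-through-gold"

def dns_features_work(client_if, dns_server, gold_lan_ips):
    """True when the DNS traffic passes through Gold's IP layer."""
    return dns_path(client_if, dns_server, gold_lan_ips) != "bypasses-gold"

# Constructed addressing plan (assumptions, not values from the page).
GOLD_LAN_IPS = ["192.168.1.1", "192.168.2.1"]
SCENARIOS = {
    "client DNS = Pi-hole, same network": ("192.168.1.50/24", "192.168.1.5"),
    "client DNS = Gold's LAN IP": ("192.168.1.50/24", "192.168.1.1"),
    "Pi-hole moved to a new segment": ("192.168.1.50/24", "192.168.2.5"),
}

if __name__ == "__main__":
    for name, (client, dns) in SCENARIOS.items():
        path = dns_path(client, dns, GOLD_LAN_IPS)
        ok = dns_features_work(client, dns, GOLD_LAN_IPS)
        print(f"{name}: {path}, DNS-based features work: {ok}")
```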