Redirect hardcoded DNS queries to Pihole

Discussions for BiPAC 8900 series: 8900AX-1600, 8900AX-2400, 8900X

Post by nightcustard »

Hi
I've got an 8900AX2400 running firmware 2.52.d41. I have set up the router to redirect DNS queries to a Pihole on my LAN and that works fine. However, some devices have burned-in DNS addresses which effectively bypass the Pihole (Google Chromesticks and Home devices are examples). Is there a way on the 8900 router to force these devices to use the Pihole for DNS lookups?
I've seen a number of solutions on the web, using iptables and masquerade and some using the capabilities built in to various routers' firewalls - it's this latter I'd like some help with.
What I've done so far: Set up two outgoing IP filters (covering all internal IP addresses apart from the Pihole's) - I couldn't see a way to exclude the Pihole's address so just set up two filters: 192.168.1.1 to 192.168.1.109 & 192.168.1.111 to 192.168.1.254 (the Pihole's address is 110), blocking destination port 53 in both filters. This works except the Google devices can't resolve addresses - I need to fool them into thinking their query to 8.8.8.8 (for example) has been successful and I can't see a way to do this on the 8900. Has anyone any suggestions?
[Edit 2nd May]
It appears my Google devices do actually work with the above setup - the 8900's log shows their direct 8.8.8.8 DNS look-ups being blocked, so I can only conclude these devices fall back to the router-defined DNS server address (in this case the Pihole). I still would like to know if the 8900 is capable of spoofing direct DNS lookups, just in case....
[Edit 8th June]
Rather late in the day and somewhat embarrassingly I discovered the 8900 terminal interface permits the use of iptables and ifconfig commands (I'd assumed it only supported the commands which are listed in response to '?'). Silly me! Lesson: do your research properly before posting on forums....
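The iptables redirect the post refers to, as an added example that is not part of the original post and is not Billion's own configuration: DNAT sends stray port-53 queries to the Pi-hole, and MASQUERADE makes the answer return through the router so the client sees a reply from the address it queried. Assumptions: the LAN bridge is named br0 and the firmware's iptables has the nat table with DNAT and MASQUERADE; 192.168.1.110 is the Pi-hole address given in the post.

```shell
#!/bin/sh
# Assumed values: br0 as the LAN interface (check with ifconfig) and a
# firmware iptables that accepts "! -s"; 192.168.1.110 is from the post.

# Return 0 only for a dotted-quad IPv4 address, so nothing else can end
# up inside a command line that is later piped to sh.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|''|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print (do not run) the rules that force LAN DNS traffic to the Pi-hole.
dns_redirect_rules() {
    pihole=$1 lan_if=${2:-br0}
    is_ipv4 "$pihole" || { echo "bad Pi-hole address: $pihole" >&2; return 1; }
    for proto in udp tcp; do
        # Rewrite every port-53 query arriving from the LAN, except the
        # Pi-hole's own upstream lookups and queries already sent to it.
        echo "iptables -t nat -A PREROUTING -i $lan_if -p $proto --dport 53 ! -s $pihole ! -d $pihole -j DNAT --to-destination $pihole:53"
        # Source-NAT the redirected query so the Pi-hole replies to the
        # router, which restores the original addresses for the client.
        echo "iptables -t nat -A POSTROUTING -o $lan_if -p $proto --dport 53 -d $pihole -j MASQUERADE"
    done
}

# Dry run by default; run with APPLY=1 on the router to load the rules.
if [ "${APPLY:-0}" = 1 ]; then
    dns_redirect_rules 192.168.1.110 br0 | sh
else
    dns_redirect_rules 192.168.1.110 br0
fi
```

With the MASQUERADE rule in place the Pi-hole logs redirected queries as coming from the router rather than from the individual device. An outgoing filter that blocks port 53 for the same clients may also match the redirected packets, so check the redirect with that filter disabled.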