Well, I'm really not an expert, just a poor developer who is sometimes limited by an OS, so please just see this as some food for thought and a return of experience.
This is my third module with docker: piler, discourse, pihole. At first I was frightened by aqua, our internal network, but we could create, I think, a billion more. The last module, piler, taught me a lot of things about docker. First, docker compose, a kind of orchestrator: when you have three containers, you must bring them up in the right order at start and stop time. We can handle docker-compose with a systemd service on NS.
The second thing is that you must not be worried about using aqua; it is really faster than macvlan or aeria. Obviously you have an internal IP that is not reachable, but a reverse proxy (with our apache module) does the job. After all, for piler, and even for pihole, our server can forward its requests to aqua.
So in short, for pihole: use the DNS of NS via DHCP for your laptop, set the DNS of NS to pihole, and in pihole set the DNS you want (e.g. 9.9.9.9, 8.8.8.8…).
Everybody in your network will use pihole via DHCP, faster than with macvlan.
I think that my next module could be traefik; it can find by itself, with a tag, the relevant IP of a container. Actually we have to set a static IP for a container, which could be a blocking point if you need to scale your docker application.
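As an added example of the "docker-compose under a systemd service" point above (this is not code from the post or from any NethServer module): a POSIX shell script that renders and installs a systemd template unit, `docker-compose@.service`, so that each compose project under a base directory can be started and stopped as one unit, ordered after the docker daemon. The base directory `/opt`, the project name `piler`, and the binary path `/usr/local/bin/docker-compose` are assumptions; adjust them to where your projects and binary actually live.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Wrap a docker-compose project in a systemd template unit so the whole stack
# comes up after docker.service and is torn down cleanly at shutdown.
# Assumptions (hypothetical): compose projects live in $BASE/<name>, and the
# docker-compose binary is at /usr/local/bin/docker-compose.

render_compose_unit() {
    # $1 = base directory holding one sub-directory per compose project
    # $2 = path to the docker-compose binary
    base="${1:-/opt}"
    compose_bin="${2:-/usr/local/bin/docker-compose}"
    cat <<EOF
[Unit]
Description=docker-compose stack %i
Requires=docker.service
After=docker.service network-online.target
Wants=network-online.target

[Service]
Type=oneshot
RemainAfterExit=yes
WorkingDirectory=${base}/%i
ExecStart=${compose_bin} up -d --remove-orphans
ExecStop=${compose_bin} down
TimeoutStartSec=300

[Install]
WantedBy=multi-user.target
EOF
}

install_compose_unit() {
    # $1 = systemd unit directory, $2 = base dir, $3 = compose binary
    unit_dir="${1:-/etc/systemd/system}"
    base="${2:-/opt}"
    compose_bin="${3:-/usr/local/bin/docker-compose}"
    unit_file="${unit_dir}/docker-compose@.service"
    render_compose_unit "$base" "$compose_bin" > "$unit_file"
    # Only talk to systemd when writing into the real unit directory;
    # rendering into any other directory is a dry run.
    if [ "$unit_dir" = "/etc/systemd/system" ]; then
        systemctl daemon-reload
        # one instance per project directory, e.g. /opt/piler
        systemctl enable --now docker-compose@piler.service
    fi
    printf '%s\n' "$unit_file"
}

# Usage on the server (as root):  install_compose_unit
# Dry run into a scratch directory: install_compose_unit /tmp/units /opt
```

`Type=oneshot` with `RemainAfterExit=yes` is what makes `docker-compose up -d` (which returns immediately) look "active" to systemd, so `systemctl stop` later runs `ExecStop` and brings the three containers down together.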