When the HomeKit integration is enabled, Eero adds itself to the list of DNS servers (as the first entry so clients will use the Eero to make all DNS requests). This is the case for the default DNS setup or when you use the custom setup. This is a security feature (perhaps requirement) to further lockdown HomeKit hubs, I'm told. It also acts as a local caching DNS server from what I can tell.

I do not want that for my non-HomeKit devices (like my iPhones or Macs/PCs). I want to use my own add blocking DNS server (PiHole in my case but could be anything). For this reason I ended up disabling HomeKit integration. It was either have the integration or have my ad blocking. Sure, I could manually configure all my devices to use my DNS server but I'm not about to do that, it's a maintenance nightmare.

*** As an aside (probably a feature request) Why list any of the additional DNS servers? Should't it only be the Eero? Not a big deal for me but doesn't make sense if the argument is that this is for security and all DNS requests have to go though the Eero because a hub could easily use other DNS servers in the list