nevermind
I see: 'This will not work if your router has been configured to block all DNS requests except OpenDNS on Port 53.'
I don't know if that's relevant in this case. However, under the AiProtection page you'll see the DNS Filtering page.
If you set DNS Filtering to ON, and then set the Global Filtering Mode to, say, Router (there are also several third-party options eg OpenDNS Family as well as space for up to 3 custom specified ones of your choice), then every device is forced to use the router's specified DNS setting, regardless of what is set in the DNS properties in the network device's adapter settings.
You then have the option, in the client list at the bottom, to override that global filter for any specified device. As an example, my global DNS filtering is set to Router, in which, on my WAN page I specify my DNS server as 192.168.1.50, which is my local malicious-domain-blocking ("ad-blocking") Raspberry Pi. However, in my client list, I have set No Filtering for 192.168.1.50, otherwise the DNS requests get stuck in a loop and Internet access stops.
But I'm not sure exactly why the router can thereby override a device's adapter setting for DNS except that the request, if conventional i.e. has a socket address to port 53, I assume, and is easily intercepted by the router and re-addressed accordingly. I hope someone knowledgeable will comment on whether it's possible/feasible to defeat the router's DNS filtering by sending a DNS request to a server set to receive on a port other than 53, or perhaps by an encrypted DNS request.
The AiProtection DNS Filtering is a really handy feature, especially for someone like me who does not want to risk meddling in iptables and messing things up. By the way, a dummy is someone who doesn't question things or think deeper about what they see.