meazz1
Frequent Visitor
Topic Author
Posts: 67
Joined: Tue Nov 28, 2017 9:44 pm
Location: Auburn, GA

Pi-hole DNS setup with Mikrotik Hex

Thu Jul 16, 2020 2:22 am

I have 2 Pi-holes I want to implement on my home network.
Here's my network layout. What would be the best way to set up everything?

LAN - 192.168.4.0 - home network
DNS 1 - 192.168.4.200 - Pi-hole #1
DNS 2 - 192.168.4.201 - Pi-hole #2
=========================
VLAN IOT - 10.0.20.0/24
DNS 1 - 8.8.8.8
DNS 2 - 8.8.4.4

Do I do this?
-- Just add the DNS entry in the DHCP Network settings
-- Under DNS Settings, do I put the Pi-hole addresses or the server IP addresses?
-- How do I handle port #53?
 
vasilaos
Member Candidate
Posts: 120
Joined: Tue Aug 04, 2009 9:50 am

Re: Pi-hole DNS setup with Mikrotik Hex

Thu Jul 16, 2020 4:11 am

Setting your DNS servers in the DNS settings will tell RouterOS to resolve anything that it needs using those servers.
If no entry is configured in the DHCP network settings, the DHCP client will get the router IP as DNS server if allow incoming requests is enabled, or will get the DNS server addresses you configured in your DNS settings if allow incoming requests is disabled.
If you configure something in the DNS entry on the DHCP network settings, then it will force clients to get those DNS servers rather than the router IP or the DNS servers you configured in the IP DNS settings of your router.
What do you mean by: How to handle port 53?
 
meazz1
Frequent Visitor
Topic Author
Posts: 67
Joined: Tue Nov 28, 2017 9:44 pm
Location: Auburn, GA

Re: Pi-hole DNS setup with Mikrotik Hex

Thu Jul 16, 2020 4:26 am


What do you mean by: How to handle port 53?
I read in the forums about a firewall filter to block external DNS queries to port 53 and force Pi-hole to resolve the queries.

Your suggestion to set it up in the DHCP network is what I want to do.
Thanks
 
vasilaos
Member Candidate
Posts: 120
Joined: Tue Aug 04, 2009 9:50 am

Re: Pi-hole DNS setup with Mikrotik Hex

Thu Jul 16, 2020 5:13 am

Yes, in the firewall a rule in the input chain from WAN interfaces to drop everything on port 53 TCP/UDP is necessary if the general default rules are removed. If the default rules are present, no additional rules are necessary, because whatever is not accepted by an accept rule is dropped by default.
Forcing traffic is not necessary when you are in control of the client devices. If you aren't and want to force clients to resolve through your server, you have to use a dst nat rule. I prefer to avoid this method anyway. If clients set some DNS servers like Google and the browser supports the use of secure DNS, your servers will be bypassed anyway. Basically, if you are not in control of client devices, nowadays you can't force some things. Being in control of client devices, you can prevent the user from being able to change DNS servers.
 
meazz1
Frequent Visitor
Topic Author
Posts: 67
Joined: Tue Nov 28, 2017 9:44 pm
Location: Auburn, GA

Re: Pi-hole DNS setup with Mikrotik Hex

Sat Jul 18, 2020 4:08 pm

Everything works except one thing.
Right now, I have DNS servers set up under DHCP Networks and my LAN and VLAN work fine.
The DNS settings under IP are blank.
The issue I see: System --> Package can't connect to the internet for updates.
I resolved this by adding a DNS entry in the DNS settings menu.

The question is, if I'm adding an entry in DNS settings, am I forcing LAN and VLAN to use this DNS instead of what's in the DHCP network?
 
vasilaos
Member Candidate
Posts: 120
Joined: Tue Aug 04, 2009 9:50 am

Re: Pi-hole DNS setup with Mikrotik Hex

Sun Jul 26, 2020 2:08 am

If you configure something in the DNS entry on the DHCP network settings, then it will force clients to get those DNS servers
No, clients will get what is configured in the DHCP network. The router can have any other DNS server configured for its own queries, and also the option allow incoming requests is not necessary in this case.
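
The setup the thread arrives at, written out as RouterOS commands. This is an added example and not part of any post above; the /24 mask on the LAN, the interface list name WAN, and the choice of the Pi-holes as the router's own resolvers are assumptions.

```routeros
# Added example, not from the thread. Addresses come from the first post;
# the LAN prefix length (/24) is assumed, the post only gives 192.168.4.0.

# 1. Per-subnet DNS handed out by DHCP. Clients use exactly these servers,
#    whatever the router itself is configured to use.
/ip dhcp-server network
set [find address=192.168.4.0/24] dns-server=192.168.4.200,192.168.4.201
set [find address=10.0.20.0/24] dns-server=8.8.8.8,8.8.4.4

# 2. Resolver for the router's own lookups (package updates and similar).
#    Assumed here to be the Pi-holes; any reachable resolver works.
#    allow-remote-requests=no keeps the router from answering DNS queries
#    for anyone, since clients already get their servers from DHCP.
/ip dns
set servers=192.168.4.200,192.168.4.201 allow-remote-requests=no

# 3. Only needed if the default firewall rules were removed: drop DNS
#    arriving on the router from the WAN side. "WAN" is the interface
#    list name from the default configuration (assumed to still exist).
/ip firewall filter
add chain=input in-interface-list=WAN protocol=udp dst-port=53 \
    action=drop comment="drop DNS from WAN (udp)"
add chain=input in-interface-list=WAN protocol=tcp dst-port=53 \
    action=drop comment="drop DNS from WAN (tcp)"

# 4. Check the result.
/ip dhcp-server network print
/ip dns print
/ip firewall filter print where dst-port=53
```

After applying, clients pick up the new DNS servers only when their DHCP lease renews.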