Are all browsers configured to use the same dns servers, all on dot\doh? Have you verified they are consistently not blocking those servers? Are they all configured to not revert to default servers on failed attempts? Perhaps there is longer lasting dns caches in some of your software. What about proxy settings?
I’m just throwing stuff on the wall here.
How do we get more mass surveillance? I know! Lets make up a reason why we should implement it. Children!