The bug happened when I had the DNS Proxy setting enabled:
I have a packet capture showing the cause of the bug - the IOT device was asking the peplink router for a DNS request (making a normal request over port 53) and the Peplink was saying that Port 53 was not reachable. Link to Packet Capture
After some series of steps (which included me paying with DNS settings, rebooting from 8.5.1 back to 8.4.1 and then back to 8.5.1) the problem went away.
My suspicion at this point is that there is some bug in firmware 8.5 and 8.5.1, possibly triggered only after upgrading from 8.4.x, where the Peplink gets confused and is denying DNS requests on a VLAN for some reason?