Manual WAN DNS settings not resolving


I have a Pepwave MAX-BR1-LTE-E 4G modem (firmware 7.0.0 build 2445) that had a manual PPPoE ethernet WAN DNS forwarding issue. I am physically located in Dar es Salaam, Tanzania but use DNSFilter for Content Filtering which is based in the US. I manually set their DNS IPs in our WAN, then turned off our auto ISP DNS so that all requests go through DNSFilter. Browsing seemed to work find but eventually we noticed that was not resolving. This is major since over half our users are Office 365. Even nslookups would fail unless you coded in DNSFilter IPs. (i.e. nslookup vs. nslookup After contacting DNS Filter support, there was nothing on their end that would block this. At first, I thought it has something to do with DNS geolocation for Office 365, but that does not seem to be the case (see my resolution below). Because nslookup would resolve, I kept investigating. I turned on the ISP DNS in WAN Connection Settings and resolved. I turned that off again and turn on “Include Google Public DNS Servers” in Network->DNS Proxy Settings and once again resolved (note that in between setting changes I initiated ipconfig/flushdns and release/renew my LAN IP). During all of this I didn’t notice other resolving issues and there were no other DNS resolve error reported from other office staff. I made an effort to tell staff in office meetings to report any DNS errors as they encountered them. After 3 weeks it seems to only be for this domain (and Outlook clients have MAPI settings pointing to and they failed too). To resolve the issue, I set the WAN back manually to DNSFilter IPs and went to the DHCP settings for each of my four LAN networks (3 of which are VLANs) and configured the DNSFilter IP addresses directly in the DHCP settings so that the DNSFilter IPs would be set directly on the machines, as opposed to using WAN as a DNS forwarder. This worked. So the mystery is why only the address (that I know of) would not resolve after being forwarded to manual DNS settings in the WAN but yet WOULD work when using auto ISP DNS IPs in WAN? Could this be a fireware issue? I have this resolved, but thought I would mention this experience in case it helped at all.