Also, this doesn't resolved the non sequitur in the OP. It claims there might be DNS blocking, not deep packet inspection. Also cloudflare has encrypted client hello turned on by default and the only domain that shows up for https connections in this case is cloudflare-ech.com, so if any Cloudflare website is whitelisted it would have to allow this domain, and consequently any other Cloudflare website.