The most common way to block DoH in OpenWRT would be using BanIP.
However, the DoH blocklists would include 8.8.8.8, so if your OpenWRT were blocking DoH, then you would not be able to access 8.8.8.8 either, which doesn't seem to be the case here
I'd suggest the following test to narrow down the scope of the problem, preferably not performed on your OpenWRT but on a machine connected to the LAN side.
Attempt to directly use Apple nameservers to resolve the query and see what happens.
$ nslookup
> set type=NS
> icloud.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
icloud.com nameserver = a.ns.apple.com.
icloud.com nameserver = c.ns.apple.com.
icloud.com nameserver = b.ns.apple.com.
icloud.com nameserver = d.ns.apple.com.
Authoritative answers can be found from:
a.ns.apple.com internet address = 17.253.200.1
b.ns.apple.com internet address = 17.253.207.1
c.ns.apple.com internet address = 204.19.119.1
d.ns.apple.com internet address = 204.26.57.1
a.ns.apple.com has AAAA address 2620:149:ae0::53
b.ns.apple.com has AAAA address 2620:149:ae7::53
c.ns.apple.com has AAAA address 2620:171:800:714::1
d.ns.apple.com has AAAA address 2620:171:801:714::1
> server a.ns.apple.com
Default server: a.ns.apple.com
Address: 17.253.200.1#53
Default server: a.ns.apple.com
Address: 2620:149:ae0::53#53
> mask.icloud.com
Server: a.ns.apple.com
Address: 17.253.200.1#53
mask.icloud.com canonical name = mask.apple-dns.net.
> mask.apple-dns.net
Server: a.ns.apple.com
Address: 17.253.200.1#53
Non-authoritative answer:
*** Can't find mask.apple-dns.net: No answer
Authoritative answers can be found from:
mask.apple-dns.net nameserver = ns-1462.awsdns-54.org.
mask.apple-dns.net nameserver = ns-49.awsdns-06.com.
mask.apple-dns.net nameserver = ns-1737.awsdns-25.co.uk.
mask.apple-dns.net nameserver = ns-781.awsdns-33.net.
> server ns-1462.awsdns-54.org
Default server: ns-1462.awsdns-54.org
Address: 205.251.197.182#53
Default server: ns-1462.awsdns-54.org
Address: 2600:9000:5305:b600::1#53
> mask.apple-dns.net
Server: ns-1462.awsdns-54.org
Address: 205.251.197.182#53
mask.apple-dns.net nameserver = ns-1462.awsdns-54.org.
mask.apple-dns.net nameserver = ns-1737.awsdns-25.co.uk.
mask.apple-dns.net nameserver = ns-49.awsdns-06.com.
mask.apple-dns.net nameserver = ns-781.awsdns-33.net.
I'm getting quite confusing results now. I was able to edit the title once but it does not let me edit again. Please change it back to the earlier non-obnoxious one.