We just upstreamed our patch to quinn-rs that pads Datagrams to MTU: https://github.com/quinn-rs/quinn/pull/2274
Actually, some DPIs just straight-up reject UDP (and since DNS and NTP are UDP-based*, just straight-up interception-and-redirect).
* TCP DNS exists but practically not used for most "normal" tasks, and at this point the censor is trying to block anything anyways.