[avidiax]

It could be that they allow any HTTP/HTTPS request that has

  Host: acwifi.com

regardless of whether the IP address destination of the request is valid for acwifi.com.

You see these sorts of shenanigans being used to get around country-wide firewalls. Plenty of deep packet inspection is unable to handle edge cases like the "Host:" header being misleading, having it fragmented into two TCP packets, etc. See "domain fronting".

[mixdup]

it's extremely unlikely that the plane wifi would be configured that way. trying to use a host file to make github.com respond on acwifi.com was definitely a red herring. It led to figuring out 53 was open, but was definitely not how the filtering was working

[NoahZuniga]

Also, this doesn't resolved the non sequitur in the OP. It claims there might be DNS blocking, not deep packet inspection. Also cloudflare has encrypted client hello turned on by default and the only domain that shows up for https connections in this case is cloudflare-ech.com, so if any Cloudflare website is whitelisted it would have to allow this domain, and consequently any other Cloudflare website.