External DNS Lookups Fail

The normal behavior is that containers are configured to point to 169.254.169.250, which the dns container listens on; it answers things for service discovery locally and recurses to the public resolver configured on the host for other names.

All that is happening, but the dns container can’t talk to the public server. It’s not clear why it can’t, but your own container can.