Your DHCP server (the router) is passing out its own IP for DNS rather than the IP of Pi-hole.
*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 10 seconds)
Scanning all your interfaces for DHCP servers
Timeout: 10 seconds
* Received 300 bytes from eth0:192.168.2.1
Offered IP address: 192.168.2.203
Server IP address: N/A
Relay-agent IP address: N/A
BOOTP server: Speedport_Smart_3_010137.4.9.002.0
BOOTP file: (empty)
DHCP options:
Message type: DHCPOFFER (2)
server-identifier: 192.168.2.1
lease-time: 1814400 ( 21d )
renewal-time: 907200 ( 10d 12h )
rebinding-time: 1587600 ( 18d 9h )
netmask: 255.255.255.0
router: 192.168.2.1
dns-server: 192.168.2.1
domain-name: "speedport.ip"
--- end of options ---
* Received 300 bytes from wlan0:192.168.2.1
DHCPOFFER hardware address did not match our own - ignoring packet (not for us)
DHCPREQUEST chaddr: dc:a6:32:a0:42:e5 (our MAC address)
DHCPOFFER chaddr: dc:a6:32:a0:42:e4 (response MAC address)
DHCP packets received on interface eth0: 1
DHCP packets received on interface wlan0: 0
DHCP packets received on interface lo: 0
DHCP packets received on interface veth15c6f57: 0
DHCP packets received on interface docker0: 0
From a client where you are unable to access the domain s.to, what are the outputs of the following commands from the terminal or command prompt on that client (and not via ssh to the Pi):
nslookup s.to
nslookup s.to 192.168.2.212
nslookup s.to 8.8.8.8
Unrelated, but noted in your debug log - there are multiple domain entries similar to this. None of these will work properly, since https:// is never part of a domain name.
^https?://([A-Za-z0-9.-]*\.)?clicks\.beap\.bc\.yahoo\.com/