Ok I feel like a dummy. So when I first got my whole setup working, I think it's accurate that my pihole didn't restart for about a year straight. So my symptoms were that after rebooting, I wasn't getting DNS resolution on my clients - they'd connect to my network and would fail to load any domains, and I couldn't see the web interface for the pihole either, but I could ssh into the pihole and the pihole said it was running fine. My router was set to be the DHCP server and it was successfully handing out a DNS server address that was set to my pihole.
Out of exasperation, I finally try to prove that one of my clients could see the pihole on port 53. And I could not see the pihole on port 53. But I could see it on port 22, and could ssh in. So I SSHed in and ran ufw allow 53 to ensure the port was open. And lo and behold, I started getting DNS on my network again! I did the same for port 80, and I could see the web dashboard again. So in conclusion, I was a real dummy when I first setup my pihole and was messing around with the firewall, probably unnecessarily, and what I finally ended up with that worked, did not stick after a restart.
So tl;dr if anyone else finds this, check your pihole's firewall
** EDIT **
I have so much to learn and internalize. So I just put that I wasn't sure about what I was seeing from nslookup still. But I was running nslookup from WSL2 on windows... and of course I knew that there's some networking magic that happens between the host and WSL2 so I did nslookup on windows command prompt instead and finally got the results I expected - which were different than what I see in WSL2.
So anyone else finding this, don't diagnose from a virtual machine... seems obvious yet here I am lol