Chris is correct:
Your observation indicates that clients are by-passing Pi-hole.
This often happens if your browser enables DNS-over-HTTPS.
But in your case, as your nslookup results do not return the expected results, even when you explicitly request resolution via DNS root servers, that would mean that this is done by redirecting DNS requests.
Forceful redirection of DNS requests can be done by software on your client, your router or your ISP (e.g. if you subscribed to ISP-side parental control services), and it would also be common for VPN service providers (in an effort to prevent DNS leakages).
You probably should check all of those potential sources, but start with:
Indeed, the last time I saw WoodyNet appearing in a forum report here, that was due to an antivirus software package enabling a feature named Avast RealSite.
If you are runnng some antivirus, you should disable its DNS service features when running with Pi-hole.