Access to a service through private router

I would think this should work. Or dig, or ping. I don’t understand why nslookup is complaining that it can’t find hello.http.ziti AND it seems to have found an address for it (100.64.0.1). nslookup and dig play some tricks and don’t necessarily respect the host’s resolver configuration. System utilities like ping do.

You can force nslookup and dig to use a specific DNS server. Assuming your router DNS server is using the default address 127.0.0.1:53, you could also try this:

nslookup hello.http.ziti 127.0.0.1
dig hello.http.ziti @127.0.0.1

edit: Oh, and if the lookup still fails when you’re pointing directly at the DNS server, make sure the router is actually aware of the service. One way to do this is with the ziti CLI policy advisor command:

ziti edge policy-advisor services hello.http

And make sure the row for your intercepting router’s identity contains “Dial: Y”

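The two lookup paths contrasted in the reply above, as an added example that is not part of the original post or of OpenZiti: `system_resolver` goes through `getaddrinfo` (the path ping uses), while `query_server` sends an A query straight to one server, like `dig hello.http.ziti @127.0.0.1`. All function names and the `SAMPLE` reply are constructed for illustration; the server address 127.0.0.1:53 is the default assumed in the post.

```python
import socket
import struct

def build_a_query(name, txid=0x1234):
    """Encode a recursive A-record query for name."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def _skip_name(msg, off):
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:              # compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_a_response(msg):
    """Return (rcode, [IPv4 addresses]) from a raw DNS response."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4           # name + QTYPE + QCLASS
    addrs = []
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if (rtype, rclass, rdlen) == (1, 1, 4):  # A record, class IN
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return flags & 0x000F, addrs

def query_server(name, server="127.0.0.1", port=53, timeout=2.0):
    """Ask one DNS server directly, bypassing the host's resolver configuration."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_a_query(name), (server, port))
        return parse_a_response(s.recvfrom(512)[0])

def system_resolver(name):
    """Resolve through getaddrinfo, the path ping and most applications use."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)})
    except socket.gaierror:
        return []

# Constructed sample: a NOERROR reply carrying one A record, 100.64.0.1.
SAMPLE = (b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00" + build_a_query("hello.http.ziti")[12:]
          + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton("100.64.0.1"))
```

Comparing `system_resolver("hello.http.ziti")` with `query_server("hello.http.ziti")` shows which path fails: an address from the direct query together with an empty list from the system resolver points at the host's resolver configuration rather than at the DNS server.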