Obvious point but when using wireshark make sure you’re checking the traffic between pihole and 220.127.116.11 and not between your local host and pihole (which will always be unencrypted unless you use DoH in Firefox, but that defeats the purpose of having pihole). The best way to do this is get a tcpdump on your pihole or router and pipe it back into wireshark for analysis.
Also, again obvious, make sure your client is using your pihole IP only for DNS and isn’t also set up with 18.104.22.168 as secondary. Purging the DNS cache (manually or just via a reboot) will also be necessary as you test between changes.
Personally I prefer to use the tool
cloudflared to provide the DoH ‘bridge’. If you continue to have trouble consider trying that. It’s awesome and there’s plenty of guides looking regarding integrating it into a pihole setup.