How to enable DNS name feature in whitelist-only Windows firewall?

These days, TCP 53 is also recommended for DNS. It's the fallback if there's some issue with the UDP packet transmission and is used for some kinds of queries. I believe MSFT is moving to TCP as the default protocol for DNS queries (with UDP still available), but I don't know if that's actually the case yet or which OS versions may be affected.

Blocking all outbound is quite unusual. I'd suggest enabling all rules in the Core Networking group both inbound and outbound that apply to All/Any profiles (i.e. not including the Core Networking rules for the "Domain" profile, if your machine isn't domain-joined).

Those rules aren't for application/service access, but more for traffic status and such. You can identify them with the following Powershell:

# To view
Get-Netfirewallrule -DisplayGroup "Core Networking" | where {$_.profile -eq "Any" -and $_.enabled -eq $false}
# To enable all in "Core Networking"
Get-Netfirewallrule -DisplayGroup "Core Networking" | where {$_.profile -eq "Any" -and $_.enabled -eq $false} | Enable-NetFirewallRule

If enabling TCP 53 doesn't solve the DNS issue, I definitely recommend enabling the above and see if that helps. If it does help, it should be easy enough to prune unwanted rules from there.

Also, if you don't want to bother troubleshooting with a packet capture tool, you could enable the "Dropped Packets" text log - default location for the log is %systemroot%\system32\LogFiles\Firewall\pfirewall.log. Instructions to enable it (including with netsh advfirewall commands) are on the Microsoft site.