"fail.dnsp.co" is not a nameserver. It doesn't even exist. So, if you send it a DNS request and get any response at all - it means that something else is sniffing your traffic and intercepted that request.
Technically speaking, you can do this same test with any IP that you want (so long as it is not a nameserver), but for the purpose of this test I chose an RFC5737 address. This address space is reserved for documentation - it should prevent any poor IP owner from getting DNS spam from me. There is a possibility that the address I'm using might be blocked, if you suspect that might be the case then just try the any-ip-at-all approach.
prompt> dig @fail.dnsp.co www.google.com ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @fail.dnsp.co www.google.com ; (2 servers found) ;; global options: +cmd ;; connection timed out; no servers could be reached