Thank you for sharing the packet capture info. From that, I can see that macOS is sourcing the DNS request using the physical Interface and sends it to the tunnel DNS server which should not be happening, however there configs related to Split tunnel can make this happen.
To dig deeper, can you please provide the Pulse Client logs from both Windows and macOS for review (please share the download link to me via PM):
Pulse Client Logs:
1. Open Pulse Client. 2. File >> Logs >> Annotate >> "Windows/macOS" 3. File >> Logs >> Log level >> Detailed. 4. Replicate the issue i.e. try to go to www.elpais.com and capture the logs as soon as it works/fails. 5. File >> Logs >> Save as.