What I wanna achieve is the behavior of luci-adblock, just adding a big list of domains to a blacklist so they won't resolve, except only for a single device. And the rest of the connected devices using the usual DNS (DoH on 127.0.0.1).
- I've already blocked the net address ranges with ipset; this is a secondary measure.
- There are too many domains (entirety of Facebook and affiliated domains) involved for the dnsmasq-full <> ipset thing to be feasible (I think).
- The device in question has a static lease.
I've been pulling my hair over this all night and would appreciate any pointers.