To be fair though, being able to MITM the DNS is kind of a massive security hole. One you are abusing in a productive way but one that many others abuse in very non-productive ways.
I don’t think that is fair at all. It is architecturally appropriate for every site to run DNS resolvers and most of them do outside of the residential space. This isn’t a man in the middle attack and selectively blocking queries according to local preferences doesn’t make it one.
