A sibling comment says "just use Pi-hole" which kind of works and is also inadequate. A similar system is Ad Guard Home. These work at the DNS level with preset lists of bad domains. They aren't necessarily going to catch your TV calling out to notanadserver.samsung.com because that domain name is not recorded in the list of naughty domains. They are definitely not going to help if your device reaches out via IP.

Another approach is to disallow all DNS or only allow *.netflix.com for the TV. In my experience attempting to only allow certain domains is a game of whackamole where everyone in the house complains their stuff is broken because it needs undocumentedrandomdomain.com.

>Another approach is to disallow all DNS or only allow *.netflix.com for the TV. In my experience attempting to only allow certain domains is a game of whackamole where everyone in the house complains their stuff is broken because it needs undocumentedrandomdomain.com.

...not to mention that apps have random third party SDKs that are required, and might not work if you block those domains. A/B testing/feature flags SDKs, and DRMs (for provisioning keys) come to mind.