Besides what others have said, another dead simple option is to use Nextdns: https://nextdns.io

Doesn't require running anything locally and supports various block rules and lists and allows you to enable full log retention if you want. I recommend it to non-techies as the easiest way to get something like pi-hole/dnscrypt-proxy. (but of course not being self-hosted has downsides)

edit: For Roku, DNS blocking like this only works if Roku doesn't use its own resolver. If it's like some Google devices it'll use 8.8.8.8 for DNS resolution ignoring your gateway/DHCP provided DNS server.

▲

ImPostingOnHN 11 hours ago | parent [-]

Seems like you could have a router or firewall mitm queries to e.g. 8.8.8.8 and potentially redirect/rewrite/respond

	▲	darkwater 8 hours ago \| parent \| next [-]
		I would not be surprised if Google TV devices will sooner than later start using DoH to 8.8.8.8
	▲	godelski 8 hours ago \| parent \| prev [-]
		I'm a noob at this, but can you do that when it is DoT or DoH? Like I thought the point of them is that you can't forget the DNS request. Even harder with oDoH, right? So does that really get around them?