I saw this feature request and feel that it is worth my adding a comment here rather than a brand new one.
I have recently become interested in pi-hole, or something like it, as a possible delivery mechanism for RPZ in the SOHO user space (disclosure: I work for a company, ThreatSTOP, that does DNS firewalling and offers a commercial DNS service blocking malware).
So let me start with a quick description of RPZ as it is implemented by BIND and other DNS servers. RPZ is a way to change the DNS response to a request for a domain that hits certain criteria. One of the responses can be NXDOMAIN (i.e. no answer); other options include an A record (which is more or less what pi-hole does), a CNAME redirect (redirect bad.domain to warning.page) and some others, including PASSTHRU (i.e. no action). RPZ is also a mechanism for transferring block/redirect data to remote DNS servers using zone transfers with an automatic update timer (the zone TTL).
Note that RPZ can have rules that act not just on the domain name, but also on the IP address it resolves to (and on the domain's nameserver names/IP addresses).
It seems to me that pi-hole could usefully benefit from some of the features of RPZ, not just the NXDOMAIN vs. redirect thing.
Firstly, a number of organizations make block data available as an RPZ. Some of these are free, some (e.g. ours) are paid products. It would be worth writing code to allow those sources to be imported into pi-hole (the code for retrieving and importing domain data is literally a few lines of shell/sed script plus the dig command).
Secondly, it would be useful to have the "act on IP address" capability as well as the domain capability. Since you are hacking dnsmasq, you might want to consider adding this?
Thirdly, and relatedly, while the load of serving a default "blocked" webpage instead of nothing is not that great for a single user, at a larger, enterprise scale it can be, especially if the page is being served to a bot that is trying unsuccessfully to call home.
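To make the RPZ rule forms described in the comment above concrete, and to show what the "few lines of shell plus dig" import would have to handle, here is an added example; it is not the commenter's code, nor ThreatSTOP's or Pi-hole's. A POSIX shell function reads the text that `dig AXFR` prints for a policy zone and turns the QNAME rules into a Pi-hole-style domain list, while reporting the IP, NSDNAME and NSIP triggers that a domain-only blocker cannot express. The zone name rpz.example.net, the nameserver names, the addresses and every rule in the sample are made up, and the sample stands in for the dig output so the script runs offline.

```shell
#!/bin/sh
# Added example (not the commenter's, ThreatSTOP's or Pi-hole's code): convert a
# BIND RPZ zone into a Pi-hole-style block list. In live use the zone text comes
# from a transfer such as:  dig @rpz.example.net AXFR rpz.example.net +onesoa
# Here a constructed sample stands in for that output. All names are hypothetical.

RPZ_ORIGIN="rpz.example.net."   # hypothetical policy zone

# Constructed sample in dig AXFR form (fully qualified owner names), one record per
# RPZ trigger/action form mentioned in the comment above.
SAMPLE_ZONE='
rpz.example.net.                              3600 IN SOA   ns.example.net. hostmaster.example.net. 2024010101 3600 600 86400 60
rpz.example.net.                              3600 IN NS    ns.example.net.
; QNAME trigger, NXDOMAIN action (CNAME to the root)
malware.example.rpz.example.net.              60   IN CNAME .
; wildcard QNAME trigger (subdomains only), NODATA action (CNAME *.)
*.badcdn.example.rpz.example.net.             60   IN CNAME *.
; QNAME trigger, local data: answer with this A record (what Pi-hole effectively does)
tracker.example.rpz.example.net.              60   IN A     192.0.2.10
; QNAME trigger, CNAME redirect to a warning page
phish.example.rpz.example.net.                60   IN CNAME warning.example.net.
; QNAME trigger, PASSTHRU: answer normally, overriding later rules
good.example.rpz.example.net.                 60   IN CNAME rpz-passthru.
; IP trigger: any answer inside 192.0.2.0/24 (prefix length, then reversed octets)
24.0.2.0.192.rpz-ip.rpz.example.net.          60   IN CNAME .
; NSDNAME trigger: any name served by ns1.evil.example
ns1.evil.example.rpz-nsdname.rpz.example.net. 60   IN CNAME .
; NSIP trigger: any name whose nameserver address is in 198.51.100.0/24
24.0.100.51.198.rpz-nsip.rpz.example.net.     60   IN CNAME .
'

# rpz_convert: zone text on stdin -> tab-separated "kind<TAB>value" lines on stdout.
#   exact  <domain>   plain Pi-hole block-list entry
#   regex  <pattern>  Pi-hole regex entry for a wildcard rule
#   allow  <domain>   PASSTHRU rule, i.e. an explicit allow-list entry
#   skip   <trigger>  rule with no domain-list equivalent (IP, NSDNAME, NSIP, ...)
rpz_convert() {
    awk -v origin="$RPZ_ORIGIN" '
    /^;/ || NF < 5 || $3 != "IN" { next }          # dig comments, blank and non-RR lines
    {
        owner = tolower($1); rtype = $4; target = tolower($5)
        suffix = "." origin
        if (owner == origin) next                   # SOA/NS of the policy zone itself
        if (substr(owner, length(owner) - length(suffix) + 1) != suffix) next  # outside the zone
        trigger = substr(owner, 1, length(owner) - length(suffix))   # strip ".rpz.example.net."

        # Triggers on the resolved address, nameserver name or nameserver address
        # cannot be expressed as a domain list: report them instead of dropping silently.
        if (trigger ~ /\.rpz-(ip|nsip|nsdname|client-ip)$/) { printf "skip\t%s\n", trigger; next }

        # PASSTHRU is an explicit allow. Other special targets (rpz-tcp-only. etc.) have
        # no equivalent; rpz-drop. is treated as a block like everything else below,
        # because a blocker such as Pi-hole can only block, so NXDOMAIN, NODATA, local
        # A data and CNAME redirects all collapse to "blocked" (the redirect target is lost).
        if (rtype == "CNAME" && target == "rpz-passthru.") { printf "allow\t%s\n", trigger; next }
        if (rtype == "CNAME" && target ~ /^rpz-.*\.$/ && target != "rpz-drop.") { printf "skip\t%s\n", trigger; next }

        if (trigger ~ /^\*\./) {                    # wildcard rule -> Pi-hole regex form
            d = substr(trigger, 3); gsub(/\./, "\\\\.", d)
            # (\.|^)name$ also matches the bare name, slightly broader than the RPZ wildcard
            printf "regex\t(\\.|^)%s$\n", d; next
        }
        printf "exact\t%s\n", trigger
    }'
}

# Run on the constructed sample; in production pipe the dig AXFR output in instead.
printf '%s\n' "$SAMPLE_ZONE" | rpz_convert
```

The exact entries can be fed to Pi-hole as a plain list (`rpz_convert < zone.txt | awk -F'\t' '$1=="exact"{print $2}'`), the regex entries to its regex list, and the skip lines tell you which part of the feed a domain-only blocker silently loses, which is the "act on IP address" gap the comment raises. Note that a real AXFR only works if the RPZ publisher permits transfers to your address (commercial feeds usually also require TSIG), and that the zone's refresh timer is what keeps the list current, so the conversion needs to run on that schedule rather than once.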