Short summary of what I think is what you are asking for: Configure only specific blacklist/regex entries to redirect to a custom IP address. So, basically, local DNS/CNAME records but device-specific (e.g., through group management). This should also allow you to specify multiple targets.
Is this correct? Did I miss something?
I don't think what you are suggesting will work for the sketched purpose because of HTTPS being used virtually everywhere. If you are not very very lucky and the service is plain boring HTTP without any authentication, it may work. However, if they are indeed contacting 01.eu.status.com
no redirection will actually work because you will not be able to provide a valid SSL certificate for this domain. The success rate with self-signed certificates is dramatically decreasing because of the widespread use of certificate pinning.
No, because blacklist entries have no further details. The mere fact they are present on the list suffices to trigger a blocking. If we'd have to lookup the actual database record, this would be horribly slow (imagine huge blacklists) and may cause DNS resolution to cease on low-end devices.
This is one way, you can specify that device A uses Pi-hole A (which blocks to the wanted IP address) and device B uses Pi-hole B (which doesn't block). Or let device B use any other public DNS server. As you prefer.