I apologize if this topic is out of scope for Pihole, since it might involve scanning and decrypting of network traffic. I have read some of the past discussions and Feature Requests regarding “new” ways used by developers as means of fighting DNS blockers like Pihole. These included topics of DNS over HTTPS and using blocklists of newly created domains.
The “new” ways are already 5-6 years old and it would be interesting to hear if there is anyone who looked into remediation of similar manipulation of DNS requests by exploiting other web applications. The table below is based on a research paper that examined malware samples:
