I think that adding a ip whitelist for the pihole so you can use the pihole outside of your network without the risk of a DNS amplification attack would be great, or the ability to make a negative lookahead in regex so you can do the semi equivalent of a whitelist with limited capabilities.