WhyNetworkAtAll
Occasional Visitor
Diversion is a software to blocks ads, with benefits for your router that are closely related to it.
Your idea, summarized as:
1. block any Internet access and
2. allow only limited domain resolution for a list of domains and
3. limit this to selected devices
This sounds like a job for a parental control software.
There are readily available options out there, one is already built into your router.
I don't agree with that. The default on the routers are broad category based so, for example, I couldn't disable Netflix without disabling Zoom (needed for online learning). Anyway, I went ahead and created Guiderails, which gives very tight whitelisting controls (like Safari with Screentime enabled on iOS/macOS). This lets one use Diversion as the network wide primary DNS and Guiderails as the auxiliary DNS for little kids studying online. Everything is built on top of dnsmasq. The actual logic was a few minutes but getting everything with Merlin's (excellent) framework was all new stuff for me.
I've announced Guiderails on a separate thread here and the GitHub page is here. @HairyA00 , you can check it out if you want.