Advanced pref.dns.blocking.nxdomain should work consistently

[TPS]

Originally posted & quoting from #2798 (comment) onwards:

Another glitch: When using a hosts subscription for DNS-block, pref.dns.blocking.nxdomain (tried because of discussion in #1582) seems to be ineffective for domains set to ::, 127.0.0.1, or 0.0.0.0 — those don't get NXDOMAIN response per AG log.

@TPS, hi!
Looks like there is a mistake in description for pref.dns.blocking.nxdomain. NXDomain should be generated for regular filtering rules, not host rules. Thank you for the feedback, I'll fix this phrase.

Hosts subscriptions already indicate the IP address that needs to be returned

That makes sense when using hosts as originally intended, but adblockers don't do that. I suppose if y'all want to support the former (as rare as that might be), that'd be fine, but isn't the major use by AG purely adblock? Then wouldn't it make sense to be consistent in the DNS-based blocking behavior, especially for an advanced toggle which (currently) isn't the default behavior?

[ameshkov]

@admitrevskiy also due to #2851, I suppose that we should keep NXDOMAIN set to true by default.

So the task is:

1. Make pref.dns.blocking.nxdomain enabled by default
2. If it's enabled, all blocking needs to be done with NXDOMAIN
3. If it's disabled, all blocking needs to be done with "null IP"

[TPS]

@ameshkov, @admitrevskiy: I think the new pref options are virtually perfect, but I've a question re: the wording: if I leave pref.dns.blocking.type @ the current default of 1, does that mean if there's an assigned IP in subscribed hosts (other than 0.0.0.0, 127.0.0.1, ::, &c), it'll not be used⁈

[admitrevskiy]

@TPS hi!
Yes, you're absolutely right. Please select 0 or 2 to use assigned IP for DNS filtering.

[admitrevskiy]

Done.

Testing instructions for QA:

• Reinstall AG
• Enable DNS filtering
• Add two DNS user rules: ||example.com^ and 0.0.0.0 example.org
• Go to example.com and example org
• Examine filtering log: both requests should be blocked with NXDomain response
• Go to Low-level settings
• Change pref.dns.blocking.type to 0
• Visit example.com and example.org
• Examine filtering log: example.com should be blocked with NXDomain response; example.org should be blocked with 0.0.0.0 IP response for A and with [::] for AAAA requests
• Go to Low-level settings
• Change pref.dns.blocking.type to 2
• Visit example.com and example.org
• Examine filtering log: both requests should be blocked with 0.0.0.0IP response for A and with[::]` for AAAA requests

[TPS]

@admitrevskiy I think there needs to be (for those few folks who use such) a way to generally use NXDOMAIN for blocked/null IPs & the otherwise hosts-assigned IPs, though I dunno whether that should be a (default) modified option № 1, or a new option № 3.