[Feature Request] Add option to return NXDOMAIN response

[mirfatif]

Is your feature request related to a problem?

No.

Describe the solution you'd like

In addition to refused, hinfo or IP responses, can we get NXDOMAIN with configurable TTL and SOA.MINIMUM field?

Alternatives you've considered

Ad blockers like AdGuard and others provide similar option: AdguardTeam/AdguardForAndroid#2847 (comment)

Who will that feature be useful to?

It's just mprovement.

What have you done already?

Nothing.

What are you going to contribute?

Sorry I'm not capable of that.

Additional context

[jedisct1]

This is a bad idea.

It is perfectly valid to block example.com and not api.example.com (using whitelisting or the = prefix in the blacklist).

But returning NXDOMAIN to a query for example.com would suggests to the client that *.example.com doesn't exist. A caching resolver in front of dnscrypt-proxy would cache that information, and return NXDOMAIN for api.example.com. A 0 TTL wouldn't help much with resolvers (ex: MacOS built-in stub resolver) enforcing a minimum TTL.

[mirfatif]

@jedisct1 alright. May be not a good idea practically, but I had to run dnsmasq just for this while doing some testing. dnsmasq --address=/example.com/ returns NXDOMAIN. Somewhat similar idea is pdnsd-ctl neg example.com ... which doesn't always block all subdomains, if I understand correctly.