> usually around Active Directory implementations where brain-damaged people have named the AD domain the same as a public Internet domain name
I don't like this one either, but often it is inherited from the past from other people and it is not going to change.
On the other hand, split-horizon DNS is going to stay with us, even if the AD domain is a subdomain of the public one. Records in the internal zone are not going to become public anytime soon.
We're working on exceptions support, which would allow specific domains to be looked up via DNS instead of DoH. In that case, mirroring a blackhole list to the exceptions support would result in what you want (I mean, if I understand what you're asking).