DNS thread

Oh, yeah, totally forgot, pointing at your trusted cert bundle is a must for TLS to work at all. It's just it's not in the forward section, whoops.
That path is distro specific BTW.

OpenNIC
p
e
n
N
I
C

or Quad Nine

BIG yikes

It doesn't. Hosts translates domain names into IPs. And that's literally what DNS does. Hosts file is just your local DNS, similar to DNS cache.
Adblocking hosts files just translate ad domains into 0.0.0.0. You're not forced to do so. You can translate a domain into whatever IP you want.
You can log your network's DNS requests for a month on your router, phone or rPi and just use that as your hosts file. Look into how to make an rPi your DNS.