I had done all of the above in AVG Firewall on Windows, and it was very easy to do.
That's the part I actually doubt. All firewalls configured by normal users I've seen in my lifetime were so much of a mess that they had more holes than a Swiss cheese, or were so strict they became unusable.
I'm also quite surprised about "ranges known to be used by malware, marketers, etc...". If those were really even halfway public knowledge, there would be no malware or "marketing" problem on the Internet.
This one should get his medication, and think his strategy over.
These generic TLDs were not a good idea, not now, not never...
Perhaps it makes it slightly clearer. Contrary to popular belief, an authoritative server does not need to be authoritative for the public internet. Locally is just fine. Just don't use stuff that clashes with the public DNS system.
if the other LAN members communicate with "linux.home", an entry is supposed to be already present in "hosts" (like) files
Host files? Are you serious? Nobody outside the tech world uses those, and even the techs don't use them except for very, very specific cases. For the normal users there is DNS-SD (Zeroconf), and anybody more technical is better off simply setting up a DNS server with an authoritative zone for the local network (which is why I hate these new TLDs... My domain of choice might be sold someday and I'll have to give up using it locally... having to use the boring
This is a problem of their making. The generic TLDs shouldn't ever have been introduced.
With your bare hands?!?