I've always wondered why you couldn't resolve all the hostnames in the DNSBL of your choice into IPs, and then block packets to those IPs. Maybe some routers simply don't have that functionality but it seems pretty trivial for pfSense.

Is there some reason why that's a terrible idea that I've overlooked?