Tinkering about how to publish domain blacklists without immediately revealing the domains. Compressed bloom filters or Golomb-coded sets using hash functions whose complexity increases exponentially + a final memory hard hash?
The threat model can ignore DoS attacks: such a filter would run locally anyway. But even then, you don’t want to add a 5 second latency (time the number of labels for subdomain matching) for every lookup.