Have you guys considered just having the resolver not return anything? Such that my system would fallback to another resolver (such as Google or Quad9) and I wouldn't have issues accessing the site?
I guess that still has the privacy implications.. but at least it would work!