Just checked. A Pi-hole can block ocsp.apple.com. So mine sure as shit is...
It's frustrating. I wish a fringe toy for nerds wasn't needed for shit like this, although I wouldn't be surprised if Windows 10 sends similar analytics. And I say that having implemented analytics in the app start-up I'm part of. People underestimate how much a call home can theoretically do to tell you about your day, habits, and life. I'm also frustrated because I can't get Pi-hole to work because I can't even forward ports on my ISP box. Gah.
I don't know what it looks like on that side of the pond, but on this side your ISP box isn't your friend. I lean pretty heavily into Ubiquiti, even though it's prosumer shit pretending to be enterprise-class and has a lot of really dumb omissions. I haven't used this shit but I've probably got $1800 worth of Unifi between home and work. Get a modem that will handle the speed, then put a router/WAP on it and control your life.
Right? I'll say this: once you've run a Pi-hole it's really hard to go back. It's like "oh, this is what the designer wanted the website to look like before sales shoved a dozen banner ads in there" and also "sure am glad I'm not waiting six seconds for Akamai to load an Amazon product I'll never buy." It fux with the on-demand services in... weird ways. I've blown enough holes in it for CBS to find their ad networks, but only just... which means the last six seconds of shows before commercial breaks are in silence, and the last six seconds of any ad package are also. And every now and then they mess with things so that, like, I can only partially browse CBS on my PlayStation. But I'm more than willing to take that sacrifice.