For various reasons, I don't run a proxy server on my home network. I prefer to have each client connect directly to the target host for web pages. I've tried blocking banners and pop-up ads by listing them in the DNS I run on my net and pointing them to loopback (there's no web server on that machine). However, the list of domains to block keeps growing faster than I maintain the list.

While Microsoft Internet Explorer handles the "Server not found" errors reasonably, most of the Linux-compatible browsers, and Netscape in particular on our Mac, pop up error dialog boxes that have to be cleared to get back to the web page we were trying to view. This is almost as annoying as ads to me, and more so to my housemates.

It seems to me that the firewall is the ideal place to block this unwanted traffic, and that blocking it at the clients really doesn't save the network anything, but without running a proxy server I have run out of ideas to stop pop-ups, except for installing client-based commercial packages.

I have considered setting up a web server and pointing the evil domains at it. Ideally, it would return some sort of "nevermind" response that neither opens a pop-up window nor triggers an error dialog.

Does anybody else have ideas about this? How are you blocking ads, if you are? (Yes, I know we're discussing theft of services here; what good is a LUG if we're not at least a little bit subversive?)
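
The sinkhole web server idea from the post above, as an added example that is not part of the original post: it answers image requests with a 1x1 transparent GIF and everything else with `204 No Content`, so the browser receives a valid empty reply instead of a connection error. It assumes the blocked domains already resolve to the machine running it; the names `sinkhole_response`, `SinkholeHandler` and port 8080 are illustrative choices.

```python
"""Sinkhole web server: a valid but empty answer for every request."""
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# 1x1 transparent GIF (43 bytes), sent where the page expects an image.
PIXEL = bytes.fromhex(
    "474946383961" "0100" "0100" "800000" "000000ffffff"
    "21f9040100000000" "2c00000000010001" "0000" "0202440100" "3b"
)
IMAGE_SUFFIXES = (".gif", ".jpg", ".jpeg", ".png")


def sinkhole_response(path, accept=""):
    """Return (status, headers, body) for a request to a blocked host."""
    bare = path.split("?", 1)[0].lower()
    # Heuristic: file extension or an Accept header that leads with image/*.
    wants_image = bare.endswith(IMAGE_SUFFIXES) or accept.startswith("image/")
    if wants_image:
        return 200, {"Content-Type": "image/gif",
                     "Content-Length": str(len(PIXEL))}, PIXEL
    # 204 No Content: the request succeeded and there is nothing to render.
    return 204, {}, b""


class SinkholeHandler(BaseHTTPRequestHandler):
    def _answer(self):
        status, headers, body = sinkhole_response(
            self.path, self.headers.get("Accept", ""))
        self.send_response(status)
        for name, value in headers.items():
            self.send_header(name, value)
        self.send_header("Cache-Control", "max-age=86400")
        self.end_headers()
        if self.command != "HEAD":
            self.wfile.write(body)

    do_GET = do_HEAD = _answer

    def log_message(self, fmt, *args):
        pass  # silent by default; delete this method to log blocked requests


def serve(host="0.0.0.0", port=8080):
    ThreadingHTTPServer((host, port), SinkholeHandler).serve_forever()


if __name__ == "__main__":
    serve()
```

Browsers connect to port 80, so either run it with the privileges needed to bind that port or redirect port 80 to 8080 on the sinkhole host.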