I don't see how you could block everything, except something.
You should write zillion entries to be blocked
For that a firewall is better - block the whole Internet and only provide a route to something.
If you could do it on the WLAN side, even easier, safer and better
Or force to use a specific DNS server (with eg VPN to a private DNS) that will not resolve anything (better will block by resolving to 0.0.0.0), except your site.
Or even dummy DNS and give them directly IP address to your site.
Thanks very much indeed! Some great ideas thanks. Sorry for the delay - Ethiopia's internet was blocked for a few weeks. I haven't had much luck finding a firewall as simple to set up as DNS66 (in fact I've been intending to add a third "block" state to the APP tab "bypass" switch for some years, so you could block some apps completely and DNS66-filter the rest), and my app is browser-based. My users are all over Ethiopia so I can't use WLAN rules. Would the DNS server idea mean me running a DNS server then setting that up in the DNS tab? That sounds harder than rebuilding DNS66.
For now, I have hardcoded my URLs in `org.jak_linux.dns66.db.RuleDatabase` and from some very shallow initial tests it seems to be working, now just need to remove hosts parsing, system apps bypass, initial "missing hosts file" confirmation, and the HOSTS, APPS and DNS tabs, and figure out how to change the app name properties. Was amazed how easy it was to build, although can't seem to get the release version to install, only debug - maybe something to do with signing. I might then add a password to the Stop button so that parents can give children their phones confident that they can't do anything other than their school work (with an 8 hour timeout for the forgetful). Love open source..enormous thanks Julian Klode.