HACKER Q&A
📣 Daktest

Best API to check for scam/phishing/spam domains?


I'm building an app where the user has to input a domain as part of one of our user flows. For safety/security reasons, I want to integrate with an API that can check if the domain that the user has input is scammy, spammy, or contains other malicious content. I was looking into Scamadviser (https://www.scamadviser.com/scamadviser-api), but does anyone have recommendations for any other potential APIs or tools?


  👤 verdverm Accepted Answer ✓
The ad blockers also typically block these things. There are big lists that back them, typically open source on GitHub.

You could check against the lists by wrapping in a simple API. You'll also be able to choose which lists and make exceptions or edits, as well as keeping them up to date.
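A sketch of the list-backed check described in the answer above, as an added example that is not part of the original post or any project's code. The list contents are constructed samples, and `normalize`, `parse_blocklist` and `check` are hypothetical names; it assumes lists in hosts format or one domain per line, and that an allowlist entry overrides any block.

```python
from typing import Iterable, Optional

# Constructed samples of the two formats public blocklists commonly use.
HOSTS_LIST = """\
# hosts-format list (constructed sample)
0.0.0.0 phish.example
127.0.0.1 login.scam.example  # inline comment
0.0.0.0 localhost
"""
PLAIN_LIST = """\
! plain one-domain-per-line list (constructed sample)
Spam.Example.
tracker.example
"""

SINK_ADDRS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def normalize(domain: str) -> str:
    """Lower-case, strip the trailing root dot, and IDNA-encode a domain."""
    d = domain.strip().rstrip(".").lower()
    try:
        return d.encode("idna").decode("ascii")
    except UnicodeError:
        return d  # unparseable names are kept as typed and will not match


def parse_blocklist(text: str) -> set:
    """Parse hosts-format or plain domain lines into a set of domains."""
    out = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop '#' comments
        if not line or line.startswith("!"):  # skip blanks and '!' comments
            continue
        fields = line.split()
        if fields[0] in SINK_ADDRS:  # hosts format: sink address comes first
            fields = fields[1:]
        out.update(n for n in map(normalize, fields) if n not in LOCAL_NAMES)
    return out


def check(domain: str, blocked: set, allowed: Iterable[str] = ()) -> Optional[str]:
    """Return the matching list entry, or None. Subdomains match a listed parent."""
    labels = normalize(domain).split(".")
    candidates = [".".join(labels[i:]) for i in range(len(labels))]
    allow = {normalize(a) for a in allowed}
    hit = next((c for c in candidates if c in blocked), None)
    return None if allow.intersection(candidates) else hit  # allowlist wins
```

Keeping the lists up to date then means re-running `parse_blocklist` on freshly fetched copies and swapping in the new set.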


👤 sargstuff
API for domain policy enforcement/filtering is typically handled by the server/gateway service handling DNS requests (per NAT'ing, local/non-local addressing, subnetting, virtual addressing, etc.).

aka app uses DNS service. Typically, the gateway/server of the DNS service does appropriate checks per system/network administration setups/policies. Aforementioned DNS service returns a 'failure to resolve' if domain/address doesn't meet 'valid/appropriate' policy/rules.

An application on a properly configured network / box should only have to verify an address/domain exists/is reachable via DNS lookup[1].

An application / non-server box / non-gateway box attempting to do this via other methods may be taken to be malicious / violate network policy of the domain the box running the app is on.

From system/network administrator view, end user box suddenly starts using information related to malicious sites. aka system/network administrator sees 'information related to malicious sites' and not 'this is a query to see if this information is related to a malicious site'.

Fail2ban[2] / unbound[3] / dnsmasq[4] or BIND[5] are some programs run as system services which make use of DNS queries to let an app know if a domain is a 'do not use'.

-------

[1] : a) https://stackoverflow.com/questions/41060027/how-to-use-nslo...

[1] : b) https://community.jisc.ac.uk/library/janet-services-documentation/how-block-or-sinkhole-domains-bind

[2] : fail2ban blacklisting : https://en.wikipedia.org/wiki/Fail2ban

[3] : unbound blacklisting : https://www.howtoforge.com/how-to-set-up-local-dns-with-unbo...

[4] : dnsmasq blacklisting : https://alblue.bandlem.com/2020/05/using-dnsmasq.html

[5] : BIND blacklisting : https://community.jisc.ac.uk/library/janet-services-document...