Not necessarily, I've had good luck with DNS blocking my Roku at least. I was surprised since I expected it to have hardcoded DNS. I'm sure that Chromecasts are propbably hardcoded to 8.8.8.8. It's probably not possible or easy to do with a consumer router, but if you had a Linux router (or something enterprise-y), you could do a NAT rule similar to this to force something to go to your own DNS server:

    iptables -A PREROUTING -s <IP of device> -d 8.8.8.8 -p udp -m udp --dport 53 -j DNAT --to-destination <IP of custom DNS>:53

I hope the NextDNS privacy blocklist for Roku can deal with these.