Just an idea. Take as a basis for a solution, for example, this article .
But instead of blocking traffic, put labels and route labels wherever you need.

Create an address list with banned sites by domain name, and route the list via vpn with mangle. Names in ip when using vpn will be cut off correctly

The technical specialists of most providers are people who can think systematically, their ideological literacy is an order of magnitude higher than that of their leaders and government agencies. They have an understanding that any restrictions in a single state not only contradict the very essence of the Internet as a supranational phenomenon, but are also practically impossible and meaningless, therefore the requirement of state bodies to block is carried out only formally, to the extent that blocking is guaranteed to work regarding those who initiate such blocking)
Have you tried to figure out the mechanism of blocking at your provider? Usually solved by specifying any public dns-server instead of the provider. How to neutralize Rostelecom blocking can be found here. In the case of other providers, you need to analyze the traffic and configure MikroTik accordingly. In general, if a provider blocks "tightly", it is worth considering why this provider blocks to a greater extent than required by Roskompozor and dooms its subscribers to additional costs and difficulties associated with vpn, etc.

Our Kyivstar killed dns and something else, most likely something like if the destination address is "VKontakte" port 80 or 443 - deny, and the tracer goes