Could I use a host file and a DNS service for layered protection?

Host file catches what DNS doesn’t.

The HOSTS file doesn’t actually catch anything. You can add domains to this file that you don’t wish your computer to connect to, but realize that the HOSTS file was never intended as a domain blacklist tool.

As such, adding too many entries to your HOSTS file can have an adverse effect on system performance. Since it is just a plain text file instead of an indexed file type, the list must be scanned from the beginning each time a DNS lookup occurs. If your file is several MBs large and has thousands of entries, you can see how this is less than ideal.

Not to mention that so many malware domains pop up and disappear so quickly, it’s a bit of a futile gesture at best. Chances are pretty good that by the time you get the domain into your list, it’s gone again, just filling your list with useless entries.

I would never recommend using the HOSTS file as a malware domain blocking tool.
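
For anyone who already has a HOSTS blocklist and wants to see what it actually contains, here is an added example that is not part of the original thread: a small Python audit that parses hosts-file text and reports file size, unique blocked names, redundant entries, non-sinkhole mappings and malformed lines. The sample data, the `audit_hosts` name and the set of sinkhole addresses are assumptions of this example.

```python
import ipaddress
from collections import Counter

# Constructed sample in hosts-file format (names use the reserved .example TLD).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost
0.0.0.0     ads.example
0.0.0.0     tracker.example cdn.tracker.example  # two names on one line
127.0.0.1   ads.example
0.0.0.0     ADS.example
192.0.2.10  intranet.example
not-an-ip   broken.example
"""

# Assumption of this example: addresses commonly used to null-route a name.
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

def audit_hosts(text):
    """Summarise hosts-file text: size, blocked names, duplicates, bad lines."""
    blocked, mapped, malformed = Counter(), {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            addr = None
        if addr is None or len(fields) < 2:   # bad address or no hostname
            malformed.append(lineno)
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")   # hostnames are case-insensitive
            if name in LOCAL_NAMES:
                continue
            if addr in SINKHOLES:
                blocked[name] += 1
            else:
                mapped[name] = addr           # points at a real address
    return {
        "size_bytes": len(text.encode("utf-8")),
        "unique_blocked": len(blocked),
        "redundant_entries": sum(blocked.values()) - len(blocked),
        "duplicated_names": sorted(n for n, c in blocked.items() if c > 1),
        "non_sinkhole": mapped,
        "malformed_lines": malformed,
    }
```

Entries under `non_sinkhole` deserve a manual look, since a hosts mapping to a routable address overrides DNS for that name.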