The easiest solution to that, that has been known for many years, and the actual first step that one has been able to take for quite some time now, is running one's own root content DNS server on the LAN. DNS traffic for queries that use invalid top-level domains never escapes the LAN and never even reaches an ISP.
It's a fairly simple exercise in content DNS service. I actually set my machines up with a root content DNS server each.
* http://jdebp.eu./Softwares/nosh/guide/services/djbdns.html#D...
* http://cr.yp.to/dnsroot.html
Search paths are a subject in their own rights.