Re: [knot-resolver-users] Knot Resolver - redirect wildcard domain

Hello. On 1/16/20 12:42 PM, Milan Jeskynka Kazatel wrote: hints module takes file in /etc/hosts format, so no wildcards are considered/expanded. For this I expect you want to use policy.rpz(), for example kresd config policy.add(policy.rpz(policy.DENY, 'blacklist.rpz')) And the blacklist containing *.example.com CNAME . example.com CNAME . Two lines are needed to deny both the name itself and everything underneath.  With `policy.DENY` the answer is NXDOMAIN. That way seems much better than answering with non-replying addresses like 10.** in your case. https://knot-resolver.readthedocs.io/en/stable/modules.html#c.policy.rpz --Vladimir