Maybee this case could be a good reason to improve Knot-Resolver and implement a more user-friendly option to redirect wildcard records to another response IP address.

Thank you and have a nice day,

best regards,
--
Smil Milan Jeskyňka Kazatel

On 1/16/20 3:30 PM, Milan Jeskynka Kazatel wrote:
> but your solution could not be applied, it is recommended by law to
> give an answer with redirected address with the explanation why it was
> redirected. [...]

OK, it's not a nice way, but there is one:
https://gitlab.labs.nic.cz/knot/knot-resolver/issues/194#note_94768

Well, I personally don't like rewriting DNS and prefer NXDOMAIN or
NODATA if you have to block, but I understand it has advantages in this
case.

--Vladimir