Hello Vladimír,
Thank you for the fast response,
but your solution could not be applied: it is recommended by law to give an
answer with a redirected address with the explanation of why it was redirected,
i.e.
"HTTP 451
Unavailable for legal reasons
The website has been blocked on the basis of a decision of the Ministry of
Finance, because a game of chance was operated on it in violation of Section 7(2)(b)
of Act No. 186/2016 Coll., on Gambling."
This explanation page runs for example on 10.0.0.50
Best regards,
--
Smil Milan Jeskyňka Kazatel
---------- Original e-mail ----------
From: Vladimír Čunát <vladimir.cunat(a)nic.cz>
To: Milan Jeskynka Kazatel <KazatelM(a)seznam.cz>
Date: 16. 1. 2020 13:28:18
Subject: Re: [knot-resolver-users] Knot Resolver - redirect wildcard domain
"
Hello.
On 1/16/20 12:42 PM, Milan Jeskynka Kazatel wrote:
"
hints.add_hosts('/etc/knot-resolver/static_records.txt')
[...]
But I'm not able to handle the correct syntax for a wildcard domain
redirection.
"
The hints module takes a file in /etc/hosts format, so no wildcards are
considered/expanded.
For this I expect you want to use policy.rpz(), for example kresd config
policy.add(policy.rpz(policy.DENY, 'blacklist.rpz'))
And the blacklist containing
*.example.com CNAME .
example.com CNAME .
Two lines are needed to deny both the name itself and everything underneath.
With `policy.DENY` the answer is NXDOMAIN.
That way seems much better than answering with non-replying addresses like
10.** in your case.
https://knot-resolver.readthedocs.io/en/stable/modules.html#c.policy.rpz
--Vladimir
"
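
Added example, not part of the thread and not Knot Resolver code: a small checker for a blocklist in the format shown above that reports names where only one of the two lines is present. It assumes a `*.name` trigger matches subdomains at any depth but not the name itself; the function names and the example.net / example.org entries are constructed for illustration.

```python
# Constructed sample blocklist; only the example.com lines come from the thread.
SAMPLE_RPZ = """\
; constructed sample
*.example.com CNAME .
example.com CNAME .
*.example.net CNAME .
example.org CNAME .
"""

def parse_triggers(text):
    """Return (exact, wildcard) sets of names whose action is 'CNAME .' (deny)."""
    exact, wildcard = set(), set()
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop comments, tokenize
        if len(fields) < 3:
            continue
        owner, rtype, target = fields[0], fields[-2].upper(), fields[-1]
        if rtype != "CNAME" or target != ".":
            continue                            # only deny triggers are checked
        owner = owner.lower().rstrip(".")
        if owner.startswith("*."):
            wildcard.add(owner[2:])
        else:
            exact.add(owner)
    return exact, wildcard

def is_denied(qname, exact, wildcard):
    """True if qname hits an exact trigger or lies strictly below a wildcard."""
    q = qname.lower().rstrip(".")
    if q in exact:
        return True
    labels = q.split(".")
    # Start at 1: a wildcard never matches its own apex (assumed semantics).
    return any(".".join(labels[i:]) in wildcard for i in range(1, len(labels)))

def coverage_gaps(exact, wildcard):
    """List (name, problem) pairs where the apex or its subdomains stay resolvable."""
    gaps = []
    for name in sorted(exact | wildcard):
        if not is_denied(name, exact, wildcard):
            gaps.append((name, "apex not blocked"))
        if not is_denied("probe." + name, exact, wildcard):
            gaps.append((name, "subdomains not blocked"))
    return gaps

if __name__ == "__main__":
    for name, problem in coverage_gaps(*parse_triggers(SAMPLE_RPZ)):
        print(f"{name}: {problem}")
```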