Hello Vladimír,

thank you for the fast response,

but your solution could not be applied, it is recommended by law to give an answer with redirected address with the explanation why it was redirected.

i.e.

"HTTP 451

Nedostupné z právních důvodů

Internetová stránka byla zablokována na základě rozhodnutí Ministerstva financí, neboť na ní byla provozována hazardní hra v rozporu s § 7 odst. 2 písm. b) zákona č. 186/2016 Sb., o hazardních hrách."

This explanation page runs for example on 10.0.0.50

Best regards,
--
Smil Milan Jeskyňka Kazatel

Hello.

On 1/16/20 12:42 PM, Milan Jeskynka Kazatel wrote:

hints.add_hosts('/etc/knot-resolver/static_records.txt')
[...]

But I´m not able to handle the correct syntax for a wildcard domain redirection.

hints module takes file in /etc/hosts format, so no wildcards are considered/expanded.

For this I expect you want to use policy.rpz(), for example kresd config
policy.add(policy.rpz(policy.DENY, 'blacklist.rpz'))
And the blacklist containing
*.example.com CNAME .
example.com CNAME .
Two lines are needed to deny both the name itself and everything underneath. With `policy.DENY` the answer is NXDOMAIN.

That way seems much better than answering with non-replying addresses like 10.** in your case.
https://knot-resolver.readthedocs.io/en/stable/modules.html#c.policy.rpz

--Vladimir