Hello.

On 1/16/20 12:42 PM, Milan Jeskynka Kazatel wrote:

hints.add_hosts('/etc/knot-resolver/static_records.txt')
[...]

But I´m not able to handle the correct syntax for a wildcard domain redirection.

hints module takes file in /etc/hosts format, so no wildcards are considered/expanded.

For this I expect you want to use policy.rpz(), for example kresd config

policy.add(policy.rpz(policy.DENY, 'blacklist.rpz'))

And the blacklist containing

*.example.com CNAME .
example.com CNAME .

Two lines are needed to deny both the name itself and everything underneath. With `policy.DENY` the answer is NXDOMAIN.

That way seems much better than answering with non-replying addresses like 10.** in your case.
https://knot-resolver.readthedocs.io/en/stable/modules.html#c.policy.rpz

--Vladimir