I read the articles on doing an RPZ and I think it would be best to have this as something that can be done within the Knot resolver; it has that capability. However, the documentation is vague, especially with respect to how the Omnia runs.
I added
echo "policy.add(policy.rpz(policy.DENY, 'blacklist.rpz'))" >>$CONFIGFILE
to /etc/init.d/kresd. Any file like “blacklist.rpz” has to be put in $DEFAULT_RUNDIR, which is “/tmp/kresd”. Otherwise a full path is needed. The Knot documentation states:
rpz - implements a subset of the RPZ format. Currently it can be used with a zonefile; binary database support is on the way. A binary database can be updated by an external process on the fly.
I generate my “conf” file from http://pgl.yoyo.org/adservers/ as a “bind 8 config” format which is like:
zone "yieldmanager.net" { type master; notify no; file "null.zone.file"; };
and created a null.zone.file, also in /etc/init.d/kresd, that is basically a wildcard pointing to 127.0.0.1.
This doesn’t appear to work, but I think I have close to all the pieces. I expect my “bind 8 config” file won’t really work and I need a different format.
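As an added example (not code from the post or from the Knot Resolver project): policy.rpz does not read BIND zone statements, it reads an RPZ zone file, so the pgl.yoyo.org “bind 8 config” list has to be converted. The script below pulls the zone names out of lines of the form `zone "name" { ... };`, drops duplicates and junk, and writes RPZ records in the shape the Knot Resolver policy documentation shows: `name CNAME .` plus `*.name CNAME .` (the RPZ idiom that kresd maps to the action given to policy.rpz). The sample input is constructed for the example; it assumes kresd’s loader accepts fully qualified owner names with no $ORIGIN directive, and the `$TTL 60` line and the output path are this example’s choices, not anything the post or the docs prescribe.

```python
"""Convert a pgl.yoyo.org "bind 8 config" blocklist into an RPZ zone file for
Knot Resolver's policy.rpz().  Example code, not part of the original post."""
import re
import sys

# One BIND 8 style zone statement per line, e.g.
#   zone "yieldmanager.net" { type master; notify no; file "null.zone.file"; };
ZONE_RE = re.compile(r'^zone\s+"([^"]+)"\s*\{')

# Hostnames only: non-empty labels of [a-z0-9-], joined by dots.
NAME_RE = re.compile(r'[a-z0-9-]+(\.[a-z0-9-]+)*')

# Constructed sample input for the example (duplicate, mixed case, a trailing
# dot and a bogus entry, to show what the parser keeps and what it drops).
SAMPLE = '''# constructed sample in the pgl.yoyo.org "bind 8 config" layout
zone "yieldmanager.net" { type master; notify no; file "null.zone.file"; };
zone "ADS.example.COM." { type master; notify no; file "null.zone.file"; };
zone "yieldmanager.net" { type master; notify no; file "null.zone.file"; };
zone "bad host" { type master; notify no; file "null.zone.file"; };
'''


def parse_bind8_zones(text):
    """Return the zone names from BIND 8 style config text, in file order.

    Comment lines (# or //) and non-zone lines are skipped; names are
    lower-cased, stripped of a trailing dot, validated as hostnames and
    de-duplicated so the RPZ file has exactly one pair of records per domain.
    """
    names = []
    seen = set()
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith(('#', '//')):
            continue
        m = ZONE_RE.match(stripped)
        if not m:
            continue
        name = m.group(1).strip().lower().rstrip('.')
        # Guard against junk in the feed: anything that is not a hostname
        # would either be ignored by the zone parser or break the load.
        if not NAME_RE.fullmatch(name) or name in seen:
            continue
        seen.add(name)
        names.append(name)
    return names


def to_rpz_zone(names, ttl=60):
    """Render an RPZ zone file body for the given domain names.

    Each domain gets an exact record and a wildcard record whose target is
    '.', which is the RPZ trigger for "apply the policy action"; with
    policy.rpz(policy.DENY, ...) kresd answers NXDOMAIN, so no sinkhole zone
    (the null.zone.file from the BIND approach) is needed.  Owner names are
    written fully qualified so the file does not rely on an $ORIGIN line.
    """
    lines = ['$TTL %d' % ttl]            # assumed default TTL for the records
    for name in names:
        lines.append('%s. CNAME .' % name)
        lines.append('*.%s. CNAME .' % name)
    return '\n'.join(lines) + '\n'


def convert(text):
    """Parse BIND 8 zone statements and return the RPZ zone text."""
    return to_rpz_zone(parse_bind8_zones(text))


if __name__ == '__main__':
    # Usage: python3 bind8_to_rpz.py adservers.bind > blacklist.rpz
    # (the output path should be the one handed to policy.rpz(); with no
    # argument the constructed SAMPLE above is converted instead).
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    sys.stdout.write(convert(source))
```

Run on the constructed sample, the output is one `$TTL` line followed by exact and wildcard `CNAME .` records for yieldmanager.net and ads.example.com; the duplicate and the entry with a space are dropped. Point policy.rpz at the generated file (full path unless it lives in $DEFAULT_RUNDIR, as noted above) and re-run the generator whenever the upstream list is refreshed.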