Unbound DNS firewall

[locus]

Hi!
Just curious if someone happens to know if blocking with Unbound with the methods below has any advantage over the other (faster or more efficient or anything else):

- RPZ, flexible rules to block and/or passthrough or redirect, but often times two rules, one for hostname, one for domain to hostname (ymo.co.za CNAME . and *.ymo.co.za CNAME . for instance)

- conf file, rules like, local-zone: "000.pe." always_nxdomain

I am just looking for advantages of one or the other.