For example URLHaus still has feeds with frequent updates for all 3 formats but there are more providers as well..
If I understand correctly the answer in the past was always that IP Blocklist is faster and uses less resources and it can handle more frequent updates than IPS or Unbound (RPZ).
I don’t know if anything really changed since then, I am know that recently Suricata 8.0.1 was included in IPFire and the new DNS Response Policy Zone (RPZ) add on is working great.
IP Blocklists are very fast and well maintained in IPFire. The frequent updates are necessary because malware IPs change frequently
RPZ lists produce some amount in the DNS process, not too large in my experience. Updating can be less frequently, because the URLs to be blocked don’t change very often. RPZ is an experimental addon in IPFire.
Suricata IPS brings some load to the network stack. In the moment there are cases, where the throughput is throttled. Having this problem, I have disabled IPS at the moment.