Block domains that resolve to malicious IPs like Control D

Heya,

I can't speak to any of the above, as we use a custom-built DNS server + blocklist parser. We don't work with RPZ files or have any upstream dependencies.

While doing IP matching, you have to perform a DNS lookup and wait for the results; this can add anywhere from 1ms (cached) to 1s (full recursive lookup) of latency. The matching behavior adds about ~1ms of latency on top of that with these sources that we currently have in production.

"https://www.spamhaus.org/drop/drop.txt",
"https://www.spamhaus.org/drop/edrop.txt",
"https://www.spamhaus.org/drop/dropv6.txt",
"http://lists.blocklist.de/lists/dnsbl/all.list",
"https://feodotracker.abuse.ch/downloads/ipblocklist.txt",
"https://rules.emergingthreats.net/blockrules/compromised-ips.txt",
"https://raw.githubusercontent.com/ktsaou/blocklist-ipsets/master/firehol_level1.netset",
"https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level2.netset",
"https://snort.org/downloads/ip-block-list"

This list will be expanded when our lists are open sourced in the next little while; however, they will be published in a flat file format (line per CIDR). Converting them to RPZ format is pretty trivial, probably a ~50 line script would do the job.
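For the flat-file-to-RPZ conversion mentioned in the post, here is an added example (not Control D's code or tooling) that parses a line-per-CIDR list and emits `rpz-ip` response-IP triggers. The sample input is constructed, the function names are hypothetical, the `CNAME .` (NXDOMAIN) action is an assumed policy, and the zone's SOA/NS header is assumed to be written separately.

```python
import ipaddress

# Constructed sample (not real feed data) in the shapes such feeds use:
# CIDR with ';' comment, '#' comment line, bare IP, IPv6 prefix, host bits set.
SAMPLE = """\
192.0.2.0/24 ; SBL-EXAMPLE
# netset-style comment
198.51.100.7
2001:db8::/32
203.0.113.5/24
not-an-address
"""

def parse_cidrs(text):
    # Returns (networks, rejected_lines); bad lines are reported, not dropped silently.
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].split("#", 1)[0].strip()
        if not line:
            continue
        try:
            # strict=False masks host bits (203.0.113.5/24 -> 203.0.113.0/24)
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            rejected.append(raw)
    return nets, rejected

def rpz_ip_owner(net):
    # rpz-ip owner name: prefix length, then address words in reverse order.
    if net.version == 4:
        words = str(net.network_address).split(".")
        return f"{net.prefixlen}.{'.'.join(reversed(words))}.rpz-ip"
    v = int(net.network_address)
    words = [format((v >> s) & 0xFFFF, "x") for s in range(112, -1, -16)]
    # Replace the longest run of two or more zero words with 'zz' (RPZ's '::').
    best_start, best_len, i = 0, 0, 0
    while i < 8:
        j = i
        while j < 8 and words[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    if best_len >= 2:
        words[best_start:best_start + best_len] = ["zz"]
    return f"{net.prefixlen}.{'.'.join(reversed(words))}.rpz-ip"

def to_rpz(text, action="CNAME ."):
    nets, rejected = parse_cidrs(text)
    # collapse_addresses merges overlaps but cannot mix IPv4 and IPv6.
    merged = [m for ver in (4, 6) for m in
              ipaddress.collapse_addresses(n for n in nets if n.version == ver)]
    return [f"{rpz_ip_owner(n)} {action}" for n in merged], rejected
```

Note that `rpz-ip` triggers match on addresses in the answer, so the resolver still has to complete the lookup before the policy applies, which is the latency cost the post describes.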