EDNS Client Subnet Features - client-address-based ACL to allow/deny use of ECS options and cache
Description
Some ECS-aware servers don't know what to do with some client IP address ranges. Also, I can envisage a scenario in which it's desired to add ECS information for some recursive requests, but not for others. Therefore this is a request for an ECS option that is an ACL (similar to ecs-forward) that lists the range(s) of clients for whom ECS options are permitted to be added when recursing.
(Loosely based on Support Ticket #17230 for which I was unable to find a resolver-based workaround)
Request
I could actually see two types of ACL - although my original intent was to target the actual effective ECS options that would be on a resolver request, unless the ACL said not to send them.
Two scenarios exist, however: one is to ACL the source IP address of the client query (which might be the actual client, or some intermediate forwarding resolver); the other is to target the actual client (which means that if a client query is received with ECS options on it already via some implementation that isn't the actual client, and this is permitted per ecs-forward options, then we ignore the client source IP and instead look at the currently-effective ECS options when applying the 'do or don't' ACL).
What I'm not sure about is whether or not to also apply the ECS yes/no to how we look in cache. (Or indeed in which sort of cache and how... ?)
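The two ACL scenarios described in the request can be modelled as follows. This is an added example, not code from the ticket or from the resolver it concerns. The names `ECS_PERMIT_ACL`, `ecs_to_send` and the `mode` values are hypothetical, the address ranges are constructed, and the handling of an incoming option from a source outside ecs-forward is an assumption.

```python
import ipaddress

# Constructed sample policy (documentation address ranges, not from the ticket).
ECS_FORWARD_ACL = ["10.0.0.0/8"]   # sources whose incoming ECS is honoured
ECS_PERMIT_ACL = ["192.0.2.0/24"]  # hypothetical new ACL: who may get ECS added


def in_acl(addr, acl):
    """True when addr falls inside any CIDR network listed in acl."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(net) for net in acl)


def effective_ecs(source_ip, incoming_ecs):
    """ECS prefix that would be sent upstream if nothing suppressed it."""
    if incoming_ecs is not None and in_acl(source_ip, ECS_FORWARD_ACL):
        return ipaddress.ip_network(incoming_ecs)
    # Assumption: a non-forwardable incoming option is ignored and the prefix
    # is derived from the query source (/24 for IPv4, /56 for IPv6).
    ip = ipaddress.ip_address(source_ip)
    plen = 24 if ip.version == 4 else 56
    return ipaddress.ip_network(f"{ip}/{plen}", strict=False)


def ecs_to_send(source_ip, incoming_ecs, mode):
    """Return the ECS prefix to attach when recursing, or None for no ECS.

    mode "source":    match the ACL against the query's source address.
    mode "effective": match the ACL against the currently-effective ECS address.
    """
    ecs = effective_ecs(source_ip, incoming_ecs)
    subject = source_ip if mode == "source" else str(ecs.network_address)
    return str(ecs) if in_acl(subject, ECS_PERMIT_ACL) else None


if __name__ == "__main__":
    cases = [
        ("192.0.2.77", None),             # direct client inside the ACL
        ("10.0.0.5", "192.0.2.0/24"),     # forwarder relaying a permitted client
        ("10.0.0.5", "198.51.100.0/24"),  # forwarder relaying another client
    ]
    for src, ecs in cases:
        print(src, ecs, ecs_to_send(src, ecs, "source"), ecs_to_send(src, ecs, "effective"))
```

The two modes diverge only in the second case: a source-address ACL suppresses ECS because the forwarder is not listed, while an effective-ECS ACL still sends the relayed client's prefix.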