Allow RPZ filtering based on SVCB/HTTPS RDATA
A support customer has reported that response-policy filtering is not blocking based on the presence of blocked IPs in the RDATA of SVCB and HTTPS records:
https://support.isc.org/Ticket/Display.html?id=18156
Doing so would have been in conflict with section 4.3 of draft-ietf-dnsop-svcb-https, but a change was accepted in Last Call process to relax this:
https://mailarchive.ietf.org/arch/msg/dnsop/9_GXre5UVskG3VVguTVfnDzggN0/
https://github.com/MikeBishop/dns-alt-svc/pull/313
This would close a loophole that would weaken the purpose of response-policy.