Description
We should ponder if address hints in SVCB/HTTPS records should be handled by the RPZ filter policy matching, specifically as a Response trigger. https://datatracker.ietf.org/doc/html/draft-vixie-dnsop-dns-rpz-00#section-4.3 only mentions matching for A or AAAA records.
If we want this, some details need to be fleshed out: what if the IPv4 hint matches but the IPv6 one does not, or vice versa? I guess to be safe you want to take action if a hint address in the record matches an RPZ Response trigger.
If both hints match a Response trigger with a different policy, what to do?
Should the matching be configurable, as this feature is not mentioned in the (never officially adopted) standard? If so configurable by individual RPZ or as a global filter engine setting?
Are there any other record types that might need special treatment with respect to response policies?