Specify regex capturing groups for target-filtering matching

[cbuijs]

See also #341 .

Would be cool that we can somehow use the existing block features by defining a capturing group regex where to match against.

For example response-ip not only looking in A or/and AAAA records, but in parts of targets of other record types too.

For example if your want to match against an address in an list, for a HTTPS type record, a matching/capturing regex could be given like this:

^.*ipv[46]hint=(?P<IP>[^\s]+).*$

The matching bit will be captured into a group with the name IP that would be used to match against the list. We might want to be more general in naming the regex-group, or just match against any groups popping out of the regex as result (perhaps easier and more flexible).

Logging should encompass which regex capturing group provided the "hit".

[folbricht]

How about response-ip not only checks the IPs in A/AAAA records, but also considers the target IPs in HTTPS and SVCB records? That should be quite straightforward.

[cbuijs]

Depends... HTTPS/SVCB records don't have to contain IP-Addresses, bit they can (and most cases there is). If we can safely detect them and use it in response-ip that would be great.

Idea behind it is that the IP's potentially could be of unwanted services/content normally blocked by IP (A and AAAA), don't find another way to get access. I think your proposed way would probably cover 99% of all cases anyway, so yes... Makes sense in that scenario for sure.

Lets do it! :-)