forwarding policy should be able to specify EDNS0 Client Subnet
The EDNS0 Client Subnet extension describes a way that a "stub resolver" can specify its preferred limit of how much the resolver should reveal to the authoritative about the client's IP address.
A user may have a configured resolver that they trust enough to forward to, but not want the resolver to leak their IP address to the authoritative servers it looks up. If such a user is running kresd
as a local caching stub with a forwarding policy, they might want to configure something like:
policy.FORWARD({'192.0.2.15', ecs_prefix_len=0})