Support for add-subnet option from dnsmasq (ECS/EDNS0 Client Subnet)

I must say I like this idea and see a lot of potential value in it (given routers can be made to send ECS data).

Over the past two hours, I went back and forth between RFC 6891 and RFC 7871 and finished a first implementation of the Extension Mechanisms for DNS ("EDNS(0)"). FTL should now be able to extract the proper address + prefix-length from the incoming queries.

I'm not yet sold on the MAC feature as there doesn't seem to be a lot of publicly available documentation. You can find details spread across mailing lists mentioning unpleasant things like

its value is implementation specific

@_FailSafe It would be great if you could do some initial testing, whether this works as expected in your environment.

Please run

pihole checkout ftl new/edns0

and continue using Pi-hole as usual. Check /var/log/pihole-FTL.log for lines starting with EDNS0.

Note: This is only the very first step. There is much work left to be done because FTL is already interpreting the DNS packet while it is received (for performance reasons).
This has the consequence that everything (like detecting if a given domain should be blocked for a given client, etc.) is already done and set before the additional records of the query (containing the EDNS0 information) are received/analyzed...

3 Likes
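For readers who want to see what the "address + prefix-length" extraction mentioned above involves, here is an added C decoder for the EDNS(0) Client Subnet option as laid out in RFC 6891 (OPT RR option triples) and RFC 7871 (ECS option data). It is example code written for this thread, not FTL's implementation; the type and function names are my own.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define EDNS0_OPT_CLIENT_SUBNET 8  /* OPTION-CODE assigned to ECS by RFC 7871 */

typedef struct {
    uint16_t family;        /* 1 = IPv4, 2 = IPv6 (IANA address family numbers) */
    uint8_t  source_prefix; /* SOURCE PREFIX-LENGTH in bits */
    uint8_t  scope_prefix;  /* SCOPE PREFIX-LENGTH, 0 in queries */
    uint8_t  addr[16];      /* address octets, zero-padded to full length */
} ecs_t;

/* Walk the RDATA of an OPT RR (RFC 6891 section 6.1.2: a sequence of
 * OPTION-CODE, OPTION-LENGTH, OPTION-DATA triples) and decode the Client
 * Subnet option (RFC 7871 section 6). Returns 1 on success, 0 if no ECS
 * option is present, -1 if the option is malformed (a resolver would
 * answer such a query with FORMERR). Hypothetical helper, not FTL code. */
int edns0_parse_ecs(const uint8_t *rdata, size_t rdlen, ecs_t *out)
{
    size_t pos = 0;
    while (pos + 4 <= rdlen) {
        uint16_t code = (uint16_t)(rdata[pos] << 8 | rdata[pos + 1]);
        uint16_t len  = (uint16_t)(rdata[pos + 2] << 8 | rdata[pos + 3]);
        const uint8_t *data = rdata + pos + 4;
        pos += 4 + len;
        if (pos > rdlen) return -1;                 /* option runs past RDATA */
        if (code != EDNS0_OPT_CLIENT_SUBNET) continue;
        if (len < 4) return -1;                     /* fixed 4-octet header missing */
        memset(out, 0, sizeof *out);
        out->family        = (uint16_t)(data[0] << 8 | data[1]);
        out->source_prefix = data[2];
        out->scope_prefix  = data[3];
        unsigned maxbits = out->family == 1 ? 32 : out->family == 2 ? 128 : 0;
        if (maxbits == 0 || out->source_prefix > maxbits) return -1;
        /* ADDRESS carries exactly ceil(prefix/8) octets ... */
        size_t alen = (out->source_prefix + 7) / 8;
        if ((size_t)len - 4 != alen) return -1;
        memcpy(out->addr, data + 4, alen);
        /* ... and the bits beyond SOURCE PREFIX-LENGTH must be zero */
        unsigned spare = out->source_prefix % 8;
        if (spare && (out->addr[alen - 1] & (0xFF >> spare))) return -1;
        return 1;
    }
    return pos == rdlen ? 0 : -1;                   /* -1: trailing garbage */
}
```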