Conditional groups

[p3lim]

In both upstreams and blocking we can define rules ("groups") for which source hits which resolver/blocklist, but this is not a thing for conditional.

I would like to, as an example, not allow my guest network to resolve my internal authoritative server, only upstreams and/or blocking.

An example wishful configuration (not a direct proposal):

upstreams:
  groups:
    default:
      - 1.1.1.1
    192.168.0.0/24: # my guest network
      - 1.1.1.2
blocking:
  ...
  clientGroupsBlock:
    default:
      - ads
      - gambling
    192.168.0.0/24: # my guest network
      - ads
conditional:
  mapping:
    my.internal.domain: 10.0.0.5 # my internal authoritative dns
    exposed-service.my.internal.domain: 10.0.0.5 # specific service that guests can query
  clientGroups:
    default:
      - my.internal.domain
    192.168.0.0/24: # my guest network does not get to query my entire domain
      - exposed-service.my.internal.domain

In cases where you wouldn't want a client to reach any mappings it could be an empty list, e.g:

clientGroups:
  ...
  192.168.0.0/24: []

This should be optional, both for brievity in the config and for backwards compatibility.

[github-actions[bot]]

This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 5 days.

[bjw-s]

Not stale

[github-actions[bot]]

This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 5 days.

[Abraxos]

Not stale, I think I might write up a PR for this... it would be my first time writing go though, so its gonna take a while to get something decent