Feature Request: Bind NextDNS Profiles to a Specific Source IP
I propose a feature that allows a NextDNS DoH/DoT profile to be bound to a specific source IP address or IP range. DNS requests over HTTPS or TLS would only be accepted if the encrypted connection originates from an authorized IP; requests from any other IP would be dropped or rejected. This restriction would apply directly to the profile endpoint, effectively enforcing source-IP validation in addition to encryption.
This is useful in scenarios where NextDNS is accessed through a VPN or secure tunnel. If that tunnel drops, DNS queries would fail closed instead of resolving over the public internet, preventing DNS leaks. The feature would add an extra layer of security, help protect against misuse of leaked profile URLs, and be particularly valuable for servers, homelabs, and users with static or known egress IPs.
Question for Developers:
Do you think binding DoH/DoT profiles to a specific source IP (or range) is a reasonable and useful feature to add to NextDNS?
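A sketch of the source-IP check the request describes, as an added example that is not part of the original post and is not NextDNS code. The profile IDs, address ranges and function names are hypothetical, and it assumes every profile in the table has binding enabled.

```python
import ipaddress

# Hypothetical binding table: profile ID -> allowed source ranges.
# IDs and ranges are constructed sample values (documentation prefixes).
PROFILE_BINDINGS = {
    "abc123": ["203.0.113.7/32", "2001:db8:10::/48"],
    "def456": [],  # binding enabled but no range listed: nothing is accepted
}


def _normalize(addr):
    """Parse a peer address and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d),
    which dual-stack listeners report for IPv4 clients."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def source_allowed(profile_id, peer_addr, bindings=PROFILE_BINDINGS):
    """Return True only if peer_addr is inside a range bound to the profile.

    peer_addr must be the socket peer of the DoH/DoT connection, never a
    client-supplied header such as X-Forwarded-For.
    Fails closed: unknown profile, unparsable address or malformed range
    all return False.
    """
    ranges = bindings.get(profile_id)
    if ranges is None:
        return False
    try:
        ip = _normalize(peer_addr)
        # strict=True rejects ranges with host bits set (e.g. 203.0.113.7/24)
        nets = [ipaddress.ip_network(r, strict=True) for r in ranges]
    except ValueError:
        return False
    return any(ip.version == n.version and ip in n for n in nets)


if __name__ == "__main__":
    # Constructed sample connections: (profile, peer address)
    for profile, peer in [("abc123", "203.0.113.7"),
                          ("abc123", "::ffff:203.0.113.7"),
                          ("abc123", "198.51.100.20"),
                          ("def456", "203.0.113.7")]:
        verdict = "accept" if source_allowed(profile, peer) else "reject"
        print(f"{profile} {peer:<22} {verdict}")
```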
