You are unless you intend to build in a CORS mechanism in the DNS protocol that can talk about web origins. Otherwise the server doesn't know well enough to be able to decide. I'm assuming that this is too much work.
Nothing here changes the existing security model. It provides another way for javascript code to get names or addresses to plug into URIs but all the rules about what code can fetch what URIs still apply.
If it would help, we could specifically rule out circumventing the local DNS resolver as a goal. The only thing I care about is making DNS queries such as SRV and URI and maybe NAPTR that are not otherwise possible to make from Javascript.
Regards, John Levine, johnl@xxxxxxxxx, Taughannock Networks, Trumansburg NY Please consider the environment before reading this e-mail. https://jl.ly