Glenn (its aarnet) worked out a simple hack on Zebra to make this fly.
Got 50% through a similar hack here. Never needed it in the end, and gave up.
I didn't deploy it, because first approximation the simple dumps of IP for on-net and domestic were enough to let me sinbin all the rest to offshore. Well, I thought so, but history proved me wrong.
For those of us not in North America, the need is actually far greater on occasion.
Anyway. My point is that BGP is your friend. It should be both cheap (as cheap as a routing lookup, which for an application writing a log to disk like apache is cheap, at least compared to DNS lookup) and very cacheable.
Why don't more applications do this?
Because the people doing one thing don't usually speak to people doing the other. Unless some behemothic (is that a word ?) company like Cisco (only as a bad example - they do hare some stuff) doesn't invent it's own protocol that is patentable, then there will be no standard to copy. Innovation in this arena is pretty much dead it seems. BTW I can actually see that the use of BGP for access control and logging application access would be the subject of a patent application by the greedy, I hope people can recall prior art in the future. Peter