Netmasks (both IPv4 and IPv6) that are allowed to use the server. The default allows access only from RFC 1918 private IP addresses. Due to the aggressive nature of the internet these days, it is highly recommended to not open up the recursor for the entire internet. Questions from IP addresses not listed here are ignored and do not get an answer.
https://docs.powerdns.com/recursor/settings.html#allow-from
Imagine an ISP network with non RFC1918 IP adresses - they can't make use of PowerDNS recursor.
CLI proposal:
set system dns forwarding allow-clients <x.x.x.x/x>
set system dns forwarding allow-clients <h:h:h:h:h:h:h:h/x>