You’re second point is a good one, but you absolutely can log the IP which requested robots.txt. That’s just a standard part of any http server ever, no JavaScript needed.

Be sure not to create an open resolver, something commonly used in DDoS attacks. https://serverfault.com/questions/573465/what-is-an-open-dns-resolver-and-how-can-i-protect-my-server-from-being-misused#573471

This makes perfect sense. Thank you!