diff --git a/modules/policy/README.rst b/modules/policy/README.rst
index 7037e4e0a1ea19bf23015ecd4fab7bae87ca87db..ba0eecfa710eaa726c10339e3462b1b9be0067c3 100644
--- a/modules/policy/README.rst
+++ b/modules/policy/README.rst
@@ -28,15 +28,15 @@ A *filter* selects which queries will be affected by specified Actions_. There a
 
    Always applies the action.
 
-.. function:: domain(action, domain)
+.. function:: domains(action, domain_table)
 
-   Applies the action if query name matches the provided domain name.
+   Applies the action if query name matches one the domains in the table.
 
-.. note:: For speed this filter requires a domain name in DNS wire format, not textual representation, so each label in the name must be prefixed with its length. Always use convenience function :func:`todname` for automatic conversion from a string! For example:
+.. note:: For speed this filter requires domain names in the DNS wire format, not textual representation, so each label in the name must be prefixed with its length. Always use convenience function :func:`policy.todnames` for automatic conversion from a string! For example:
 
    .. code-block:: lua
 
-      policy.domain(policy.DENY, todname('example.com'))
+      policy.add(policy.domain(policy.DENY, policy.todnames({'example.com', 'example.net'})))
 
 .. function:: pattern(action, pattern)
 
diff --git a/modules/policy/policy.lua b/modules/policy/policy.lua
index 74ee25b810b2655d7d3c6531d132053bfca10ac3..aceeb5a5c041674e704c88646acc74b1796d1f1f 100644
--- a/modules/policy/policy.lua
+++ b/modules/policy/policy.lua
@@ -345,10 +345,13 @@ function policy.all(action)
 end
 
 -- Requests whose QNAME is exactly the provided domain
-function policy.domain(action, dname)
+function policy.domains(action, dname_list)
 	return function(_, query)
-		if query:name() == dname then
-			return action
+		local qname = query:name()
+		for i, dname in ipairs(dname_list) do
+			if ffi.C.knot_dname_is_equal(qname, dname) then
+				return action
+			end
 		end
 		return nil
 	end