diff --git a/NEWS b/NEWS
index a5c1fec6aba10470a88366a8b0f810d1e7d61cbc..faa9a05acd862e7399ad7c0b75d56a513d351969 100644
--- a/NEWS
+++ b/NEWS
@@ -12,6 +12,7 @@ Improvements
 ------------
 - allow answering from cache in non-iterative modes (#122)
 - command line: specify ports via @ but still support # for compatibility
+- policy: recognize 100.64.0.0/10 as local addresses
 
 
 Knot Resolver 1.2.6 (2017-04-24)
diff --git a/modules/policy/policy.lua b/modules/policy/policy.lua
index b48234ee3869546b761f74b4a01cc17a981224b0..d3ae783d2a980ab2d80488533de51057240aa38f 100644
--- a/modules/policy/policy.lua
+++ b/modules/policy/policy.lua
@@ -318,7 +318,9 @@ end
 
 -- RFC1918 Private, local, broadcast, test and special zones
 -- Considerations: RFC6761, sec 6.1.
+-- https://www.iana.org/assignments/locally-served-dns-zones
 local private_zones = {
+	-- RFC6303
 	'10.in-addr.arpa.',
 	'16.172.in-addr.arpa.',
 	'17.172.in-addr.arpa.',
@@ -337,7 +339,6 @@ local private_zones = {
 	'30.172.in-addr.arpa.',
 	'31.172.in-addr.arpa.',
 	'168.192.in-addr.arpa.',
-	-- RFC5735, RFC5737
 	'0.in-addr.arpa.',
 	'127.in-addr.arpa.',
 	'254.169.in-addr.arpa.',
@@ -345,7 +346,73 @@ local private_zones = {
 	'100.51.198.in-addr.arpa.',
 	'113.0.203.in-addr.arpa.',
 	'255.255.255.255.in-addr.arpa.',
-	-- IPv6 local, example
+	-- RFC7796
+	'64.100.in-addr.arpa.',
+	'65.100.in-addr.arpa.',
+	'66.100.in-addr.arpa.',
+	'67.100.in-addr.arpa.',
+	'68.100.in-addr.arpa.',
+	'69.100.in-addr.arpa.',
+	'70.100.in-addr.arpa.',
+	'71.100.in-addr.arpa.',
+	'72.100.in-addr.arpa.',
+	'73.100.in-addr.arpa.',
+	'74.100.in-addr.arpa.',
+	'75.100.in-addr.arpa.',
+	'76.100.in-addr.arpa.',
+	'77.100.in-addr.arpa.',
+	'78.100.in-addr.arpa.',
+	'79.100.in-addr.arpa.',
+	'80.100.in-addr.arpa.',
+	'81.100.in-addr.arpa.',
+	'82.100.in-addr.arpa.',
+	'83.100.in-addr.arpa.',
+	'84.100.in-addr.arpa.',
+	'85.100.in-addr.arpa.',
+	'86.100.in-addr.arpa.',
+	'87.100.in-addr.arpa.',
+	'88.100.in-addr.arpa.',
+	'89.100.in-addr.arpa.',
+	'90.100.in-addr.arpa.',
+	'91.100.in-addr.arpa.',
+	'92.100.in-addr.arpa.',
+	'93.100.in-addr.arpa.',
+	'94.100.in-addr.arpa.',
+	'95.100.in-addr.arpa.',
+	'96.100.in-addr.arpa.',
+	'97.100.in-addr.arpa.',
+	'98.100.in-addr.arpa.',
+	'99.100.in-addr.arpa.',
+	'100.100.in-addr.arpa.',
+	'101.100.in-addr.arpa.',
+	'102.100.in-addr.arpa.',
+	'103.100.in-addr.arpa.',
+	'104.100.in-addr.arpa.',
+	'105.100.in-addr.arpa.',
+	'106.100.in-addr.arpa.',
+	'107.100.in-addr.arpa.',
+	'108.100.in-addr.arpa.',
+	'109.100.in-addr.arpa.',
+	'110.100.in-addr.arpa.',
+	'111.100.in-addr.arpa.',
+	'112.100.in-addr.arpa.',
+	'113.100.in-addr.arpa.',
+	'114.100.in-addr.arpa.',
+	'115.100.in-addr.arpa.',
+	'116.100.in-addr.arpa.',
+	'117.100.in-addr.arpa.',
+	'118.100.in-addr.arpa.',
+	'119.100.in-addr.arpa.',
+	'120.100.in-addr.arpa.',
+	'121.100.in-addr.arpa.',
+	'122.100.in-addr.arpa.',
+	'123.100.in-addr.arpa.',
+	'124.100.in-addr.arpa.',
+	'125.100.in-addr.arpa.',
+	'126.100.in-addr.arpa.',
+	'127.100.in-addr.arpa.',
+
+	-- RFC6303
 	'0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.',
 	'1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.',
 	'd.f.ip6.arpa.',
@@ -353,7 +420,7 @@ local private_zones = {
 	'9.e.f.ip6.arpa.',
 	'a.e.f.ip6.arpa.',
 	'b.e.f.ip6.arpa.',
-	'8.b.d.0.1.0.0.2.ip6.arpa',
+	'8.b.d.0.1.0.0.2.ip6.arpa.',
 }
 policy.todnames(private_zones)