policies and sub-queries

Policies are currently only applied to full requests, i.e. when begin happens for layers. We do copy the flag and server list when creating sub-queries, but:

not everywhere, e.g. the dns64 module is broken in this respect;
the subquery might be for a name that the policy should apply differently, e.g. users attempting to handle different parts of the DNS tree differently. A similar situation is on CNAME jumps, as those may also lead to a different part of the tree.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

Admin message

Admin message

policies and sub-queries