Computer-implemented method, apparatus, and computer-readable medium for processing named entity queries using a cached functionality in a domain name system
US-2015295882-A1 · Oct 15, 2015 · US
US11122004B1 · US · B1
| Field | Value |
|---|---|
| Publication number | US-11122004-B1 |
| Application number | US-201615331664-A |
| Country | US |
| Kind code | B1 |
| Filing date | Oct 21, 2016 |
| Priority date | Oct 21, 2016 |
| Publication date | Sep 14, 2021 |
| Grant date | Sep 14, 2021 |
Abstract
In one embodiment, a global domain name system (DNS) server processes a DNS query based on an internal network policy. Upon receiving a DNS query that is associated with a source IP address, the global DNS server identifies a client subnet based on the DNS query. The client subnet is associated with an internal device on an internal network. The global DNS server selects an internal network policy from multiple predetermined policies based on the source IP address and the client subnet. The global DNS server then tailors one or more DNS resolution operations that generate a response to the DNS query based on the selected internal network policy. Advantageously, the client subnet provides the global DNS server with visibility into the internal network. Such visibility enables the global DNS server to apply policies selectively at the granularity of individual devices on the internal network.
Claims
What is claimed is:

1. A computer-implemented method for applying internal network policies to domain name service (DNS) queries, the method comprising: receiving, by a first global recursive resolver included in an external network, a global DNS query that includes: (i) a client subnet that is derived from an internal Internet Protocol (IP) address representing a first internal device in an internal network, and (ii) a source Internet Protocol (IP) address representing a device that is transmitting the global DNS query, wherein the internal IP address is different from the source IP address; extracting, from the global DNS query by the first global recursive resolver, (i) the client subnet and (ii) the source IP address; selecting, by the first global recursive resolver and based on both (i) the client subnet and (ii) the source IP address, a first internal network policy from a plurality of internal network policies; and applying, by the first global recursive resolver, the first internal network policy when performing one or more DNS resolution operations to generate a response to the global DNS query.
2. The computer-implemented method of claim 1, wherein the source IP address comprises an external network address translation (NAT) IP address that represents a plurality of internal devices included in the internal network, the device transmitting the global DNS query is included in the plurality of internal devices, and the first internal device is included in the plurality of internal devices.
3. The computer-implemented method of claim 2, wherein: the internal IP address comprises four address octets, and the client subnet comprises a subset of the four address octets.
4. The computer-implemented method of claim 2, wherein: the internal IP address comprises 128 bits, and the client subnet comprises a subset that includes 16 or more of the 128 bits.
5. The computer-implemented method of claim 1, wherein extracting the client subnet from the global DNS query comprises: determining that an Extension Mechanisms for DNS (EDNS) pseudo resource record, specifying an EDNS client subnet option code and the client subnet, is contained in the global DNS query, and processing, based on the EDNS client subnet option code, the EDNS pseudo resource record to extract the client subnet.
6. The computer-implemented method of claim 1, wherein extracting the client subnet from the global DNS query comprises: determining that a query name contained in the global DNS query includes the client subnet, and extracting the client subnet from the query name.
7. The computer-implemented method of claim 1, wherein the first internal network policy specifies at least one of translation behavior, traffic routing behavior, or forwarding behavior.
8. The computer-implemented method of claim 1, wherein selecting the first internal network policy from the plurality of internal network policies comprises: performing one or more comparison operations between the source IP address and the plurality of internal network policies to determine that the first internal network policy is applicable to the source IP address; and performing one or more comparison operations between the client subnet and the first internal network policy to determine that the first internal network policy is further applicable to the client subnet.
9. The computer-implemented method of claim 1, wherein performing one or more DNS resolution operations comprises: determining that the first internal network policy affects access to information associated with a domain name specified in the global DNS query; and producing the response that conforms to the first internal network policy.
10. The computer-implemented method of claim 9, wherein the response is associated with at least one of: indicating that the global DNS query is unsuccessful, blocking access to information associated with the domain name specified in the global DNS query, redirecting the global DNS query to a predetermined error webpage, or providing a call that executes an action.
11. The computer-implemented method of claim 1, wherein performing one or more DNS resolution operations comprises recursively traversing a DNS hierarchy to translate a domain name specified in the global DNS query to a first IP address that complies with the first internal network policy.
12. One or more non-transitory computer-readable storage media including instructions that, when executed by one or more processors, cause the one or more processors to apply internal network policies to domain name service (DNS) queries by performing steps of: receiving, by a first global recursive resolver included in an external network, a global DNS query that includes: (i) a client subnet that is derived from an internal Internet Protocol (IP) address representing a first internal device in an internal network, and (ii) a source Internet Protocol address representing a device that is transmitting the global DNS query, wherein the internal IP address is different from the source IP address; extracting, from the global DNS query by the first global recursive resolver, (i) the client subnet and (ii) the source IP address; selecting, by the first global recursive resolver and based on both (i) the client subnet and (ii) the source IP address, a first internal network policy from a plurality of internal network policies; and applying, by the first global recursive resolver, the first internal network policy when performing one or more DNS resolution operations to generate a response to the global DNS query.
13. The one or more non-transitory computer-readable storage media of claim 12, wherein: the source IP address comprises an external network address translation (NAT) IP address that represents a plurality of internal devices included in the internal network, the device transmitting the global DNS query is included in the plurality of internal devices, and the first internal device is included in the plurality of internal devices.
14. The one or more non-transitory computer-readable storage media of claim 13, wherein: the internal IP address comprises four address octets, and the client subnet comprises a subset of the four address octets.
15. The one or more non-transitory computer-readable storage media of claim 12, wherein extracting the client subnet from the global DNS query comprises: determining that an Extension Mechanisms for DNS (EDNS) pseudo resource record, specifying an EDNS client subnet option code and the client subnet, is contained in the global DNS query, and processing, based on the EDNS client subnet option code, the EDNS pseudo resource record to extract the client subnet.
16. The one or more non-transitory computer-readable storage media of claim 12, wherein the first internal network policy specifies at least one of translation behavior, traffic routing behavior, or forwarding behavior.
17. The one or more non-transitory computer-readable storage media of claim 12, wherein selecting the first internal network policy from the plurality of internal network policies comprises: performing one or more comparison operations between the source IP address and the plurality of internal network policies to determine that the first internal network policy is applicable to the source IP address; and performing one or more comparison operations between the client subnet and the first internal network policy to determine that the first internal network policy is further applicable to the client subnet.
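The mechanism in the abstract and in claims 1, 5, 8 and 10 (extract the EDNS Client Subnet from the query, match the NAT source IP first and then the client subnet against a policy table, and let the matched policy decide whether the name is resolved or blocked) can be shown end to end in a few dozen lines. The code below is an added example written for this page; it is not the patent holder's implementation and the patent does not disclose code. It assumes IPv4-only ECS (RFC 7871 option code 8 inside the OPT pseudo-RR of RFC 6891), a first-match policy list, and constructed addresses from the documentation ranges (203.0.113.0/24 as the external NAT address, 10.0.0.0/8 internally). The policy actions `"resolve"` and `"block"` and the function names are this example's own.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import List, Optional

OPT_TYPE = 41          # EDNS OPT pseudo resource record (RFC 6891)
ECS_OPTION_CODE = 8    # EDNS Client Subnet option (RFC 7871)


@dataclass
class InternalPolicy:
    """Applies when the query's source IP (the NAT address the global
    resolver sees) is in source_net and the ECS subnet is inside client_net."""
    source_net: ipaddress.IPv4Network
    client_net: ipaddress.IPv4Network
    action: str   # "resolve" (normal recursion) or "block" (refuse the name)


def _skip_name(pkt: bytes, off: int) -> int:
    """Advance past a wire-format name: labels or a compression pointer."""
    while True:
        length = pkt[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:   # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + length


def extract_client_subnet(pkt: bytes) -> Optional[ipaddress.IPv4Network]:
    """Walk the query's sections and return the IPv4 ECS subnet, or None."""
    _ident, _flags, qdcount, ancount, nscount, arcount = struct.unpack("!6H", pkt[:12])
    off = 12
    for _ in range(qdcount):
        off = _skip_name(pkt, off) + 4                  # skip QTYPE + QCLASS
    for _ in range(ancount + nscount + arcount):
        off = _skip_name(pkt, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        rdata = pkt[off:off + rdlen]
        off += rdlen
        if rtype != OPT_TYPE:
            continue
        pos = 0
        while pos + 4 <= len(rdata):                    # iterate EDNS options
            code, olen = struct.unpack("!HH", rdata[pos:pos + 4])
            body = rdata[pos + 4:pos + 4 + olen]
            pos += 4 + olen
            if code != ECS_OPTION_CODE or len(body) < 4:
                continue
            family, src_len, _scope = struct.unpack("!HBB", body[:4])
            need = (src_len + 7) // 8                   # address bytes on the wire
            if family != 1 or src_len > 32 or len(body) != 4 + need:
                continue                                # not IPv4 or malformed: ignore
            addr = ipaddress.IPv4Address(body[4:].ljust(4, b"\x00"))
            return ipaddress.IPv4Network(f"{addr}/{src_len}", strict=False)
    return None


def select_policy(policies: List[InternalPolicy], source_ip: str,
                  client_subnet: ipaddress.IPv4Network) -> Optional[InternalPolicy]:
    """Claim-8 order: match the source IP, then the client subnet.
    First match wins, so list the most specific policies first."""
    src = ipaddress.IPv4Address(source_ip)
    for policy in policies:
        if src in policy.source_net and client_subnet.subnet_of(policy.client_net):
            return policy
    return None


def decide(policies: List[InternalPolicy], pkt: bytes, source_ip: str,
           default: str = "resolve") -> str:
    """Map a query packet plus its source IP to the action the resolver applies."""
    subnet = extract_client_subnet(pkt)
    if subnet is None:
        return default          # no ECS: no visibility into the internal network
    policy = select_policy(policies, source_ip, subnet)
    return policy.action if policy else default


def build_query(qname: str, client_subnet: Optional[str]) -> bytes:
    """Construct a minimal A query, with an ECS option when a subnet is given."""
    header = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 1 if client_subnet else 0)
    labels = [label.encode() for label in qname.strip(".").split(".")]
    name = b"".join(bytes([len(lbl)]) + lbl for lbl in labels) + b"\x00"
    question = name + struct.pack("!HH", 1, 1)          # A, IN
    if not client_subnet:
        return header + question
    net = ipaddress.IPv4Network(client_subnet)
    addr = net.network_address.packed[:(net.prefixlen + 7) // 8]
    ecs = struct.pack("!HBB", 1, net.prefixlen, 0) + addr   # family 1 = IPv4
    rdata = struct.pack("!HH", ECS_OPTION_CODE, len(ecs)) + ecs
    opt_rr = b"\x00" + struct.pack("!HHIH", OPT_TYPE, 4096, 0, len(rdata)) + rdata
    return header + question + opt_rr


# Constructed policy table for one internal network behind NAT 203.0.113.0/24.
POLICIES = [
    InternalPolicy(ipaddress.IPv4Network("203.0.113.0/24"),
                   ipaddress.IPv4Network("10.1.2.0/24"), "block"),
    InternalPolicy(ipaddress.IPv4Network("203.0.113.0/24"),
                   ipaddress.IPv4Network("10.0.0.0/8"), "resolve"),
]
```

Running `decide(POLICIES, build_query("example.com", "10.1.2.0/24"), "203.0.113.10")` returns `"block"`, while the same query from client subnet 10.5.0.0/16 falls through to the /8 policy and resolves normally; a query from a source address with no policy, or one carrying no ECS option at all, takes the default. The parser deliberately ignores an ECS option whose length field disagrees with the stated prefix length, which is the defensive check a resolver needs before it lets untrusted query contents steer policy selection.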
CPC classification:
- Identification of devices behind NAT devices
- Internet protocol [IP] address subnets
- between local and global IP addresses
- Caching of addresses or names
- using domain name system [DNS]