DNS Filtering: Identify URL Reputation and Category During DNS Lookup
The Enable reputation enforcement on DNS traffic option is enabled by default on the Advanced tab of each new access control policy. This option slightly modifies URL filtering behavior and is applicable only when URL filtering is enabled and configured.
When this option is enabled:
-
The system evaluates domain category and reputation early in URL transactions, when the browser looks up the domain name to get the IP address
-
Category and reputation of encrypted traffic can often be determined without decryption
If DNS filtering cannot determine the URL of encrypted traffic, that traffic is processed using your configurations for encrypted traffic.