I had an interesting discussion about performing URL filtering using DNS only instead of URLs which allows faster resolving and will allow controlling of remote offices internet traffic without deploying URL Filtering on remote gateways or force redirection of internet traffic through the corporate gateway. This means that all DNS requests from remote offices are inspected by the gateway and allowed/blocked based on the DNS resolving. I know that the Anti-bot uses DNS for malicious website and also according to the "the R80.x Security Gateway Architecture (Content Inspection)" the RAD is using DNS as well but I am wandering if the URL filtering can be done based on the DNS request of the remote hosts or the http/https connection has to be opened and pass through the gateway.
This is similar to OpenDNS solution for Web Content filtering Web Content Filtering and Security – OpenDNS.
Any insights are welcome.