A Domain Name System (DNS) provides a service to allow endpoint computers to resolve domain names, such as “cisco.com,” into a network address reachable by the endpoint. A DNS typically requires an authoritative domain name server to maintain a mapping of domain names to network addresses, which provides a point at which access to public web servers can be controlled.
When using a DNS-based security service, different policies may need to be applied to different user communities. One group of users, such as public relations staff, may require access to different web resources, such as social media, that a company may block from another group of users. One solution relies on each DNS query to identify the user group associated with the query. A domain name server associated with a Security-as-a-Service (SecaaS) can use the identified user group to determine whether to provide the appropriate network address or to block the DNS query. Different users may receive different DNS responses, based on policies of the DNS-based SecaaS.
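The per-group decision described above can be sketched as follows. This is an added example, not part of the original text: it assumes the user group travels in an EDNS0 option with code 65001 (taken from the local/experimental range), and the group names, domains, categories, and addresses are constructed sample data.

```python
import struct

GROUP_OPT = 65001  # assumed EDNS0 option code (local/experimental range, RFC 6891)
# Constructed sample data: blocked categories per group, domain categories, zone records.
BLOCKED = {"public-relations": set(), "engineering": {"social-media"}}
CATEGORY = {"social.example": "social-media"}
ZONE = {"social.example": "192.0.2.10", "docs.example": "192.0.2.20"}

def build_query(name, group=None):
    """Build an A query; if group is given, tag it in an EDNS0 OPT record."""
    qname = b"".join(bytes([len(lab)]) + lab.encode() for lab in name.split(".")) + b"\x00"
    msg = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 1 if group else 0)
    msg += qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    if group:
        opt = struct.pack("!HH", GROUP_OPT, len(group)) + group.encode()
        msg += b"\x00" + struct.pack("!HHIH", 41, 1232, 0, len(opt)) + opt
    return msg

def parse_query(msg):
    """Return (qname, group); group is None when the query carries no tag."""
    arcount = struct.unpack("!H", msg[10:12])[0]
    pos, labels = 12, []
    while msg[pos]:
        n = msg[pos]
        labels.append(msg[pos + 1:pos + 1 + n].decode().lower())
        pos += 1 + n
    pos += 5  # skip root label, QTYPE, QCLASS
    group = None
    for _ in range(arcount):  # assumes root owner names in this section, as OPT uses
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[pos + 1:pos + 11])
        rdata, i = msg[pos + 11:pos + 11 + rdlen], 0
        pos += 11 + rdlen
        while rtype == 41 and i + 4 <= len(rdata):  # walk the options inside OPT
            code, olen = struct.unpack("!HH", rdata[i:i + 4])
            if code == GROUP_OPT:
                group = rdata[i + 4:i + 4 + olen].decode()
            i += 4 + olen
    return ".".join(labels), group

def resolve(msg):
    """Answer or block a query according to the policy of its user group."""
    name, group = parse_query(msg)
    category = CATEGORY.get(name)
    if group not in BLOCKED:  # missing or unknown group: apply the most restrictive policy
        blocked = category is not None
    else:
        blocked = category in BLOCKED[group]
    if blocked or name not in ZONE:
        return ("BLOCKED" if blocked else "NXDOMAIN", None)
    return ("NOERROR", ZONE[name])
```

The same query name yields an address for one group and a block for another, and an untagged query falls back to the strictest policy rather than the most permissive one.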