Doing so at the dns layer is a much better option, as it prevents the end user or malware from bypassing those restrictions with a non-standard browser or modifying the client settings (which shouldn’t happen, but can).
In an enterprise environment, which is exactly what this is aimed at, that kind of protection is a boon against the random shit end users click on.
“protective DNS”
There is no way there isn’t a hidden agenda. You already could block malicious websites at the browser level
Not all connections are at the browser level.
Doing so at the dns layer is a much better option, as it prevents the end user or malware from bypassing those restrictions with a non-standard browser or modifying the client settings (which shouldn’t happen, but can).
In an enterprise environment, which is exactly what this is aimed at, that kind of protection is a boon against the random shit end users click on.