NIOS-X with DFP and Infoblox Endpoint can honour “Allow - Local Resolution” for Application Custom List on Security Policy. DFP MUST have a fallback resolver configured. This is because the list of applications isn't put into the DNS config file but the DFP config file and the DFP can't send the query back to the DNS server. So to honour “Allow - Local Resolution”, the DFP must have a DNS server it can forward to (i.e. the fallback resolver)

NIOS cannot honour this setting and ignores it.

DoH cannot honour this setting and ignores it.

External Networks cannot honour this setting and ignores it.

Infoblox Threat Defense (cloud) can identify application usage. You can find out the exact domains but configuring “Allow - Local Resolution” for an application custom list in a security policy, apply to an endpoint and then look at the corefile.4 config.

e.g. the “Facebook” app detects on the following domains (which doesn't include the login page)

0.facebook.com 
api.facebook.com
apps.facebook.com
b-api.facebook.com
channel.facebook.com
chat.facebook.com
edge-chat.facebook.com
gateway.facebook.com
graph.facebook.com
lookaside.fbsbx.com
m.facebook.com
mqtt.facebook.com
mqtt.t.facebook.com
orcart.facebook.com
pixel.facebook.com
s-static.ak.facebook.com
star-mini.c10r.facebook.com
star.c10r.facebook.com
star.facebook.com
static.ak.facebook.com
touch.facebook.com
upload.facebook.com
vupload2.facebook.com
vupload2.t.facebook.com
web-chat-e2ee.facebook.com

DeepSeek

deepseek.com