Getting DNS query/info from packet?

I’m quite new to Windows Driver Development. I wrote a Network Filter Driver by myself and got a few things done, like getting the current packet IP address etc., like below:
Values->incomingValue[FWPS_FIELD_STREAM_V4_IP_LOCAL_ADDRESS].value.uint32;
Values->incomingValue[FWPS_FIELD_STREAM_V4_IP_REMOTE_ADDRESS].value.uint32;
Currently, I’m trying to block IP addresses and it’s working fine. But what about getting the domain address a packet requested?
How can I get the domain address requested by, for example, Chrome, so I can filter and block by domain name?
I think I’ll need the DNS query somehow?

Thanks in advance

WFP does not provide a mechanism for easily getting the requested domain from a DNS packet (nor should it). You’ll need to register at DATAGRAM_DATA_4/6 for UDP DNS, then either redirect the packet into usermode to parse the packet or parse it in the kernel. For TCP you may be able to do something at the STREAM layer or you can use CONNECT_REDIRECT into usermode and then parse the DNS packet there.

This is why domain-based blocking is done in a proxy, not in a filter. The DNS resolution might have happened many hours before the HTTP request.

IIRC, TTL on DNS is usually days, and on multi-homed systems the DNS query could be performed on a different interface from the interface for the connection. That’s common in a split VPN configuration where name resolution happens on the corporate servers, but web browsing goes straight out the local internet link. This strategy is commonly deployed to save internet bandwidth for work-at-home situations.
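
The parsing step mentioned in the first reply (reading the requested name out of a UDP DNS payload), as an added example that is not code from this thread or from WFP. It assumes the payload has already been copied into a contiguous buffer; `dns_query_name` and `sample_query` are hypothetical names, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <string.h>

#define DNS_HDR_LEN  12   /* fixed DNS header size */
#define DNS_MAX_NAME 253  /* longest legal dotted name */

/* Constructed sample: UDP payload of an A query for WWW.example.com. */
const uint8_t sample_query[] = {
    0x12, 0x34, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    3, 'W', 'W', 'W', 7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0,
    0x00, 0x01, 0x00, 0x01
};

/* Copy the first question name, lowercased and dotted, into out.
 * Returns its length, or -1 for a response, a malformed or truncated
 * payload, or a name that does not fit in out. */
int dns_query_name(const uint8_t *pkt, size_t len, char *out, size_t outlen)
{
    size_t pos = DNS_HDR_LEN, n = 0;

    if (len < DNS_HDR_LEN || outlen == 0)
        return -1;
    if ((pkt[2] & 0x80) || (pkt[4] | pkt[5]) == 0)  /* QR set or QDCOUNT 0 */
        return -1;
    for (;;) {
        if (pos >= len)
            return -1;
        size_t lab = pkt[pos++];
        if (lab == 0)
            break;                       /* root label ends the name */
        if (lab > 63 || lab > len - pos) /* pointer/reserved, or overrun */
            return -1;
        size_t need = n + (n ? 1 : 0) + lab;
        if (need > DNS_MAX_NAME || need >= outlen)
            return -1;
        if (n)
            out[n++] = '.';
        while (lab--) {
            uint8_t c = pkt[pos++];
            out[n++] = (char)((c >= 'A' && c <= 'Z') ? c + 32 : c);
        }
    }
    if (len - pos < 4)                   /* QTYPE and QCLASS must follow */
        return -1;
    out[n] = '\0';
    return (int)n;
}
```

The name is lowercased because DNS names compare case-insensitively, so a blocklist lookup should use the normalized form. DNS over TCP prefixes each message with a two-byte length that has to be skipped before calling a parser like this.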