Methods and systems provide for improved security for domain name resolution (DNS) and browsing. User privacy may be improved for client devices by first transmitting authentication information and the domain name to a server. After determining that the requesting security component on the client device is authorized to access a domain resolution service, the domain name is resolved to obtain an internet protocol (IP) address. Classification data is then retrieved from a third-party service for the domain name and/or the IP address. This classification data may then be evaluated against a first policy associated with the client device. When the evaluation indicates the client device is not allowed to access the IP address, the client device is sent information indicating that access is not permitted. When access is permitted, the client device may be sent the IP address and the classification data used for the evaluation.