A method is provided in one example and includes maintaining a correlation between a domain name and a plurality of Internet protocol (IP) addresses included in a domain name system (“DNS”) response to a DNS request in connection with DNS exchange between a subscriber and a DNS server, wherein each of the IP addresses corresponds to one of a plurality of web servers associated with the domain name; receiving from the subscriber a packet associated with a flow; identifying an IP address within the packet as being one of the plurality of IP addresses included in the DNS response; and executing a policy decision for the subsequent flow without inspecting the contents of the subsequent flow at layer 7 based on an identity of the subscriber and the domain name correlated to the identified IP address, wherein the policy decision comprises charging a different rate for a particular flow.