CPC H04L 63/205 (2013.01) [H04L 63/0254 (2013.01); H04L 63/0272 (2013.01)]
14 Claims
1. A method comprising:
receiving, from a Domain Name Service (DNS) at a software-defined networking (SDN) controller of a network, a first indication of a first mapping between a first unique destination Internet Protocol (IP) address associated with a first network flow and first context data associated with the first network flow, wherein the first unique destination IP address maps to an actual destination IP address of a destination device in the network, and where the first unique destination IP address is different than the actual destination IP address;
receiving, from the DNS and at the SDN controller, a second indication of a second mapping between a second unique destination IP address associated with a second network flow and second context data associated with the second network flow, wherein the second unique destination IP address maps to the actual destination IP address of the destination device, and where the second unique destination IP address is different than the actual destination IP address;
identifying first network policy to apply to the first network flow based at least in part on the first context data;
sending, from the SDN controller, a first instruction to a network device in the network to enforce the first network policy on the first network flow having the first unique destination IP address;
identifying second network policy to apply to the second network flow based at least in part on the second context data, wherein the second network policy is different than the first network policy; and
sending, from the SDN controller, a second instruction to the network device or another network device in the network to enforce the second network policy on the second network flow having the second unique destination IP address.
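The controller-side flow recited in claim 1, modelled as an added Python example; it is not code from the patent or from any product. Assumptions not found in the claim: the DNS allocates the unique address from a pool, context data is a dict with a `role` key, and the policy names, device names, hostnames and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class SdnController:
    # Hypothetical policy table keyed on one context attribute ("role"); the
    # claim leaves the form of the context data and of the policies open.
    policy_by_role: dict
    default_policy: str = "deny"                   # unknown context fails closed
    mappings: dict = field(default_factory=dict)   # unique IP -> (actual IP, context)
    sent: list = field(default_factory=list)       # instructions pushed to devices

    def on_dns_indication(self, unique_ip, actual_ip, context, device):
        """Handle one DNS indication: record mapping, pick policy, instruct device."""
        if unique_ip == actual_ip:
            raise ValueError("unique destination IP must differ from the actual one")
        if unique_ip in self.mappings:
            raise ValueError(f"{unique_ip} is already bound to another flow")
        self.mappings[unique_ip] = (actual_ip, context)
        policy = self.policy_by_role.get(context.get("role"), self.default_policy)
        # The device matches on the unique destination IP; carrying actual_dst in
        # the instruction is an assumption so the device can reach the real host.
        instruction = {"device": device, "match_dst": unique_ip,
                       "policy": policy, "actual_dst": actual_ip}
        self.sent.append(instruction)
        return instruction

class ContextDns:
    """DNS side (assumed behaviour): one fresh address per resolved flow."""
    def __init__(self, controller, pool_cidr, records):
        self.controller = controller
        self.pool = ipaddress.ip_network(pool_cidr).hosts()
        self.records = records                     # hostname -> actual IP

    def resolve(self, hostname, context, device="edge-sw1"):
        actual_ip = self.records[hostname]
        unique_ip = str(next(self.pool))           # StopIteration once pool is spent
        self.controller.on_dns_indication(unique_ip, actual_ip, context, device)
        return unique_ip                           # the answer the client receives

def demo():
    # Constructed sample data: two flows to the same destination device.
    ctrl = SdnController({"finance": "allow-inspect", "guest": "rate-limit"})
    dns = ContextDns(ctrl, "100.64.0.0/29", {"db.example.internal": "10.0.5.20"})
    a = dns.resolve("db.example.internal", {"role": "finance"})
    b = dns.resolve("db.example.internal", {"role": "guest"}, device="edge-sw2")
    return a, b, ctrl.sent
```

Because each flow carries its own destination address, the network device can tell the two flows apart and apply different policies by matching on destination IP alone, even though both terminate at the same host.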