In ForitGate there is an option to add “wildcard” fqdn ie “*.googlevideo.com” and what this will do is:
The dns-helper they have inside the appliance will watch the dns queries of the device and will add the relevant domains ip addresses into the address match.
I believe it’s pretty easy to implement and the basic assumption would be that the clients will be using VyOS as their DNS server.
I am using a similar setup in Mikrotik which run’s every 300 seconds a set of scripts to update the address lists and it works very well.