# Installing a DNS Server for the Overrides

The best way to override the DNS is to install a second DNS server specifically for that purpose. We recommend using the open source Unbound DNS server (<https://nlnetlabs.nl/projects/unbound/about/>). Unbound can create DNS zones that are “transparent”: the server responds with the IP address of a host that has been defined within the server for a given domain, but if that host is not found, it forwards the host name to another DNS server for resolution. This overcomes the problem of maintaining a large number of hosts in a monitored domain when only a few need to be monitored.

Unbound comes in both Windows and Linux versions. Simply install it using the provided installers. Once the install is completed, you will need to configure it. The following is a sample configuration for monitoring Facebook and Twitter:

```
# Unbound configuration file on Windows.
server:
    verbosity: 0
    dlv-anchor-file: "C:\Unbound\dlv.isc.org.key"

    # Listen on all interfaces, but answer internal clients only.
    interface: 0.0.0.0
    access-control: 192.168.0.0/16 allow
    port: 53

    # Override selected hosts; other names in these zones are forwarded.
    local-zone: "facebook.com." transparent
    local-data: "www.facebook.com. IN A 192.168.10.41"
    local-zone: "twitter.com." transparent
    local-data: "twitter.com. IN A 192.168.10.41"
    local-data: "www.twitter.com. IN A 192.168.10.41"

# Upstream DNS server used for names that are not overridden.
forward-zone:
    name: "facebook.com."
    forward-addr: 192.168.10.254
forward-zone:
    name: "twitter.com."
    forward-addr: 192.168.10.254
```

You will need to configure the `access-control` entries to map to your internal IP addresses, set the Facebook and Twitter IP addresses to the IP address of the Composable Agentic Platform appliance, and set the forward zone IP addresses to the IP address of the immediate upstream (ISP) DNS server.

Once the configuration has been set in the DNS server, we recommend testing it with a lookup of `login.facebook.com` (it should resolve to the real IP address) and then another lookup of `www.facebook.com` (it should resolve to the Composable Agentic Platform appliance IP address).

You now have an authoritative DNS server for the sites you wish to monitor.


