search

Installing a DNS Server for the Overrides

The best way to override the DNS is to install a second DNS server specifically for that purpose. We recommend using the open source Unbound DNS server (https://nlnetlabs.nl/projects/unbound/about/). The Unbound DNS server has the ability to create DNS zones that are “transparent” (meaning that the DNS server will respond with the IP address of a host that has been defined within the server for a given domain, but if that host is not found, it will forward the host name to another DNS for resolution). This overcomes the problem of maintaining a large number of hosts in a monitored domain, when only a few need to be monitored.

Unbound comes in both Windows and Linux versions. Simply install it using the provided installers. Once the install is completed, you will need to configure it. The following is a sample configuration for monitoring Facebook and Twitter:

# Unbound configuration file on windows.
server:
            verbosity: 0
server: dlv-anchor-file: "C:\Unbound\dlv.isc.org.key"
server:
            interface: 0.0.0.0
            access-control: 192.168.0.0/16 allow
            port: 53
local-zone: "facebook.com." transparent
local-data: "www.facebook.com. IN A 192.168.10.41"
local-zone: "twitter.com." transparent
local-data: "twitter.com. IN A 192.168.10.41"
local-data: "www.twitter.com. IN A 192.168.10.41"
forward-zone:
            name: "facebook.com."
            forward-addr: 192.168.10.254
forward-zone:
            name: "twitter.com."
            forward-addr: 192.168.10.254

You will need to configure the access–control tags to map to internal IP addresses, you will need to set the Facebook and Twitter IP addresses to map to the IP address of the Composable Agentic Platform appliance and you will need to set the forward zone IP addresses to the IP address of the immediate upstream (ISP) DNS server.

Once the configuration has been set in the DNS server, we recommend testing it using lookups to login.facebook.com (it should resolve to the real IP address) and then another lookup to www.facebook.com (it should resolve to the Composable Agentic Platform appliance IP address).

You now have an authoritative DNS server for the sites you wish to monitor.

PreviousDeciding what to OverrideNextSetting the Override

Last updated