diff --git a/agent.go b/agent.go
index e182fa4..9fa0738 100644
--- a/agent.go
+++ b/agent.go
@@ -125,10 +125,22 @@ func Run(ctx context.Context, configFilePath string, hostDNSServer DNSServer,
 // this will cause domain, IP mapping to be cached
 ipAddress, err := dnsProxy.getIPByDomain(domainName)
 if err != nil {
- WriteLog(fmt.Sprintf("Error resolving allowed domain %v", err))
- WriteAnnotation(fmt.Sprintf("%s Reverting agent since allowed endpoint %s could not be resolved", StepSecurityAnnotationPrefix, strings.Trim(domainName, ".")))
- RevertChanges(iptables, nflog, cmd, resolvdConfigPath, dockerDaemonConfigPath, dnsConfig, sudo)
- return err
+ WriteLog(fmt.Sprintf("Error resolving allowed domain in Block mode %v", err))
+ WriteLog("Switching to Audit mode.")
+
+ // Change the policy to Audit
+ config.EgressPolicy = EgressPolicyAudit
+ apiclient.EgressPolicy = EgressPolicyAudit
+
+ // Reinitialize the Cache with the new Audit policy
+ Cache = InitCache(config.EgressPolicy)
+
+ // Update DNSProxy with the new cache and EgressPolicy
+ dnsProxy.Cache = &Cache
+ dnsProxy.EgressPolicy = EgressPolicyAudit
+
+ // Exit the loop as we have switched to Audit policy
+ break
 }
 for _, endpoint := range endpoints {
 // create list of ip address to be added to firewall
diff --git a/dnsconfig.go b/dnsconfig.go
index d5ffe9b..a07e320 100644
--- a/dnsconfig.go
+++ b/dnsconfig.go
@@ -25,7 +25,7 @@ const (
 // https://unix.stackexchange.com/questions/508397/what-is-the-recommended-way-to-set-a-global-dns-server-override-on-a-system-usin
 // Domains=~. instructs systemd-resolved to always use the global nameservers
 // and to never query any DHCP-supplied nameservers
- localDnsServer = "[Resolve]\nDNS=127.0.0.1\nDomains=~.\n"
+ localDnsServer = "[Resolve]\nDNS=127.0.0.1 172.17.0.1\nDomains=~.\n"
 )
 
 func updateDockerConfig(configPath string) error {
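Review bot: Switching from Block to Audit when an allowed domain fails to resolve is a fail-open change: any resolution failure, transient or caused by an unreachable upstream resolver, now disables egress blocking for the rest of the run, whereas the removed branch reverted the agent and returned the error. The removed `WriteAnnotation` call was the only signal surfaced on the workflow itself, so the downgrade is now visible only in the agent log; keep an annotation such as `WriteAnnotation(fmt.Sprintf("%s Switching to Audit mode since allowed endpoint %s could not be resolved", StepSecurityAnnotationPrefix, strings.Trim(domainName, ".")))` and consider gating the downgrade behind a config option so Block mode stays fail-closed by default. The `break` exits the enclosing loop (its head, like the start of Run, is outside the hunk) after firewall rules for earlier domains may already have been added; if that is intended under Audit, the comment above `break` should say so. Reassigning the package-level `Cache` and the `dnsProxy.Cache`/`dnsProxy.EgressPolicy` fields here is unsynchronized, so if the DNS proxy is already serving queries on another goroutine at this point (not visible in the hunk) this is a data race that `go test -race` would flag.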
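Review bot: The new `172.17.0.1` entry in `localDnsServer` is undocumented, and its security effect depends on something the hunk does not show: systemd-resolved treats the `DNS=` list as a set it can fail over within, so unless the same policy-enforcing proxy that serves 127.0.0.1 also listens on 172.17.0.1, a slow or failing proxy lets host queries reach a second, unfiltered resolver. The address is also a hard-coded docker0 bridge default rather than being read from the host, so a runner with a different bridge subnet gets a dead nameserver entry. Add a comment on the constant explaining why the address is listed and what must answer on it, e.g. `// 172.17.0.1 is the default docker0 gateway; listed so containers inherit it as their resolver — the DNS proxy must listen there too, otherwise resolved can fail over around it`, hedged with a TODO until the listener is confirmed. The `const (` block begins outside the hunk.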
@@ -46,7 +46,7 @@ func updateDockerConfig(configPath string) error {
 return errors.Wrap(err, "failed to unmarshal config file")
 }
 
- m["dns"] = []string{dockerDnsServer}
+ // m["dns"] = []string{dockerDnsServer}
 m["live-restore"] = true
 // m["userns-remap"] = "runner:runner"
 // Checkout: https://docs.docker.com/engine/security/userns-remap/#enable-userns-remap-on-the-daemon
diff --git a/dnsconfig_test.go b/dnsconfig_test.go
index fa134db..7616c8a 100644
--- a/dnsconfig_test.go
+++ b/dnsconfig_test.go
@@ -41,11 +41,11 @@ func Test_updateDockerConfig(t *testing.T) {
 }{
 {name: "existing file",
 args: args{configPath: tmpFileName},
- want: "{\"cgroup-parent\":\"/actions_job\",\"dns\":[\"172.17.0.1\"],\"live-restore\":true}",
+ want: "{\"cgroup-parent\":\"/actions_job\",\"live-restore\":true}",
 wantErr: false},
 {name: "non existent file",
 args: args{configPath: mockDockerConfigPath},
- want: "{\"dns\":[\"172.17.0.1\"],\"live-restore\":true}",
+ want: "{\"live-restore\":true}",
 wantErr: false},
 }
 
@@ -79,7 +79,7 @@ func Test_writeResolveConfig(t *testing.T) {
 }{
 {name: "overwrite file",
 args: args{configPath: tmpFileName},
- want: "[Resolve]\nDNS=127.0.0.1\nDomains=~.\n",
+ want: "[Resolve]\nDNS=127.0.0.1 172.17.0.1\nDomains=~.\n",
 wantErr: false},
 }
 for _, tt := range tests {
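Review bot: Commenting out `m["dns"] = []string{dockerDnsServer}` leaves dead code and an unexplained behaviour change in daemon.json; delete the line and record the reason in a comment instead. With the `dns` key gone, the daemon derives container resolvers from the host's resolv configuration, and Docker's documented behaviour is to drop loopback entries from that list and fall back to public resolvers when nothing else remains, so container DNS now bypasses the agent's proxy unless the `172.17.0.1` entry added to `localDnsServer` in the other hunk is present and served by the proxy. A replacement comment would be `// "dns" is intentionally unset: containers inherit 172.17.0.1 from the host resolved config (see localDnsServer); TODO(review) confirm the proxy listens on the bridge address`. If `dockerDnsServer` has no remaining users, remove it as well, since an unused const is not reported by the compiler.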