diff --git a/chart/templates/networkpolicy.yaml b/chart/templates/networkpolicy.yaml
index 5be4005982..9b9ade8ec0 100644
--- a/chart/templates/networkpolicy.yaml
+++ b/chart/templates/networkpolicy.yaml
@@ -78,17 +78,21 @@ spec:
 matchLabels:
 release: {{ .Release.Name }}
 egress:
- # Allows outgoing connections to all pods with
- # port 443, 8443 or 6443. This is needed for host Kubernetes
- # access
+ # Allows outgoing connections to all necessary pods with
+ # port 443, 8443 or 6443 or system dns. This is needed for
+ # host Kubernetes access.
 - ports:
 - port: 443
 - port: 8443
 - port: 6443
- # Allows outgoing connections to all vcluster workloads
- # or kube system dns server
+ - port: 53
+ protocol: UDP
+ - port: 53
+ protocol: TCP
 - to:
- - podSelector: {}
+ - podSelector:
+ matchLabels:
+ release: {{ .Release.Name }}
 - namespaceSelector:
 matchLabels:
 kubernetes.io/metadata.name: 'kube-system'
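Review bot: The two added `port: 53` entries land in the first egress rule, which appears to have no `to` peer (indentation is lost on this page, so confirm against the file), so DNS over UDP and TCP is opened to any destination rather than only to the "system dns" the new comment names. Unscoped port 53 egress is a well-known tunnelling and exfiltration path for a compromised workload, and the `to` rule below already seems to allow all traffic to `kube-system`, which would cover a DNS service running there. I would put the DNS ports in their own rule restricted to the DNS pods, as sketched below; the `k8s-app: kube-dns` label is the common default and should be checked against the supported distributions, and a node-local resolver would need an explicit `ipBlock` peer instead. The rule's comment should also state which ports remain open to any destination.

```yaml
    # … unchanged: rule allowing ports 443, 8443 and 6443 …
    # DNS only to the cluster DNS pods in kube-system.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: 'kube-system'
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - port: 53
          protocol: UDP
        - port: 53
          protocol: TCP
    # … unchanged: rule allowing release pods and the kube-system namespace …
```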