diff --git a/deploy/chart/values.yaml b/deploy/chart/values.yaml index 394159bb4b..652b417dd3 100644 --- a/deploy/chart/values.yaml +++ b/deploy/chart/values.yaml @@ -110,10 +110,11 @@ networkPolicy: port: 53 - protocol: UDP port: 53 - kubeAPIServer: - ports: - protocol: TCP - port: 6443 + port: 5353 + - protocol: UDP + port: 5353 + kubeAPIServer: {} metrics: ports: - protocol: TCP diff --git a/pkg/controller/registry/reconciler/helpers.go b/pkg/controller/registry/reconciler/helpers.go index 8302cd5df6..eca6a2459d 100644 --- a/pkg/controller/registry/reconciler/helpers.go +++ b/pkg/controller/registry/reconciler/helpers.go @@ -46,14 +46,29 @@ func DesiredGRPCServerNetworkPolicy(catalogSource *v1alpha1.CatalogSource, match }, } - // Allow egress to kube-apiserver from configmap backed catalog sources + // Allow egress to kube-apiserver and DNS from configmap backed catalog sources if catalogSource.Spec.SourceType == v1alpha1.SourceTypeConfigmap || catalogSource.Spec.SourceType == v1alpha1.SourceTypeInternal { np.Spec.Egress = []networkingv1.NetworkPolicyEgressRule{ + // Wildcard allow all IPs/Ports for kube-apiserver + {}, + // Wildcard allow all IPs with DNS ports { Ports: []networkingv1.NetworkPolicyPort{ { Protocol: ptr.To(corev1.ProtocolTCP), - Port: ptr.To(intstr.FromInt32(6443)), + Port: ptr.To(intstr.FromInt32(53)), + }, + { + Protocol: ptr.To(corev1.ProtocolUDP), + Port: ptr.To(intstr.FromInt32(53)), + }, + { + Protocol: ptr.To(corev1.ProtocolTCP), + Port: ptr.To(intstr.FromInt32(5353)), + }, + { + Protocol: ptr.To(corev1.ProtocolUDP), + Port: ptr.To(intstr.FromInt32(5353)), }, }, }, 
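Review bot: The empty `NetworkPolicyEgressRule{}` added to the Egress list in DesiredGRPCServerNetworkPolicy matches every peer on every port, not only the kube-apiserver as its comment states, so with PolicyTypeEgress still declared the policy no longer restricts egress at all and the DNS-port rule that follows it is subsumed by it. If the API server endpoint cannot be determined by the operator, the comment should say so plainly, e.g. `// Empty rule matches all peers and ports: effectively allows ALL egress, because the kube-apiserver endpoint is not known here`, and ideally the rule should carry a `To` peer (an IPBlock or selector covering the API server endpoints) so the DNS rule remains meaningful. The same pattern appears in the DesiredUnpackBundlesNetworkPolicy hunk below and in the chart's `kubeAPIServer: {}` default. Both Go functions begin before and end after their hunks.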
@@ -90,11 +105,26 @@ func DesiredUnpackBundlesNetworkPolicy(catalogSource client.Object) *networkingv
 },
 PolicyTypes: []networkingv1.PolicyType{networkingv1.PolicyTypeIngress, networkingv1.PolicyTypeEgress},
 Egress: []networkingv1.NetworkPolicyEgressRule{
+ // Wildcard allow all IPs/Ports for kube-apiserver
+ {},
+ // Wildcard allow all IPs with DNS ports
 {
 Ports: []networkingv1.NetworkPolicyPort{
 {
 Protocol: ptr.To(corev1.ProtocolTCP),
- Port: ptr.To(intstr.FromInt32(6443)),
+ Port: ptr.To(intstr.FromInt32(53)),
+ },
+ {
+ Protocol: ptr.To(corev1.ProtocolUDP),
+ Port: ptr.To(intstr.FromInt32(53)),
+ },
+ {
+ Protocol: ptr.To(corev1.ProtocolTCP),
+ Port: ptr.To(intstr.FromInt32(5353)),
+ },
+ {
+ Protocol: ptr.To(corev1.ProtocolUDP),
+ Port: ptr.To(intstr.FromInt32(5353)),
 },
 },
 },