diff --git a/src/operator/controllers/intents_reconcilers/networkpolicy/builders/dns_egress_network_policy.go b/src/operator/controllers/intents_reconcilers/networkpolicy/builders/dns_egress_network_policy.go
index 5565e52db..cf096c598 100644
--- a/src/operator/controllers/intents_reconcilers/networkpolicy/builders/dns_egress_network_policy.go
+++ b/src/operator/controllers/intents_reconcilers/networkpolicy/builders/dns_egress_network_policy.go
@@ -30,6 +30,10 @@ func (r *DNSEgressNetworkPolicyBuilder) buildNetworkPolicyEgressRules(ep effecti
 				Protocol: lo.ToPtr(corev1.ProtocolUDP),
 				Port:     lo.ToPtr(intstr.FromInt32(53)),
 			},
+			{
+				Protocol: lo.ToPtr(corev1.ProtocolTCP),
+				Port:     lo.ToPtr(intstr.FromInt32(53)),
+			},
 		},
 	})
 	return egressRules
diff --git a/src/operator/controllers/intents_reconcilers/networkpolicy/builders/dns_egress_network_policy_test.go b/src/operator/controllers/intents_reconcilers/networkpolicy/builders/dns_egress_network_policy_test.go
index f78c94422..1e2dab041 100644
--- a/src/operator/controllers/intents_reconcilers/networkpolicy/builders/dns_egress_network_policy_test.go
+++ b/src/operator/controllers/intents_reconcilers/networkpolicy/builders/dns_egress_network_policy_test.go
@@ -164,6 +164,10 @@ func networkPolicyDNSEgressTemplate(
 							Protocol: lo.ToPtr(corev1.ProtocolUDP),
 							Port:     lo.ToPtr(intstr.FromInt32(53)),
 						},
+						{
+							Protocol: lo.ToPtr(corev1.ProtocolTCP),
+							Port:     lo.ToPtr(intstr.FromInt32(53)),
+						},
 					},
 				},
 			},
diff --git a/src/operator/controllers/intents_reconcilers/networkpolicy/builders/ingress_dns_server_allow_network_policy.go b/src/operator/controllers/intents_reconcilers/networkpolicy/builders/ingress_dns_server_allow_network_policy.go
index fc357256e..4222681f8 100644
--- a/src/operator/controllers/intents_reconcilers/networkpolicy/builders/ingress_dns_server_allow_network_policy.go
+++ b/src/operator/controllers/intents_reconcilers/networkpolicy/builders/ingress_dns_server_allow_network_policy.go
@@ -29,10 +29,16 @@ func (r *IngressDNSServerAutoAllowNetpolBuilder) buildIngressRulesFromServiceEff
 		return ingressRules
 	}
 	ingressRules = append(ingressRules, v1.NetworkPolicyIngressRule{
-		Ports: []v1.NetworkPolicyPort{{
-			Protocol: lo.ToPtr(corev1.ProtocolUDP),
-			Port:     lo.ToPtr(intstr.FromInt32(53)),
-		}},
+		Ports: []v1.NetworkPolicyPort{
+			{
+				Protocol: lo.ToPtr(corev1.ProtocolUDP),
+				Port:     lo.ToPtr(intstr.FromInt32(53)),
+			},
+			{
+				Protocol: lo.ToPtr(corev1.ProtocolTCP),
+				Port:     lo.ToPtr(intstr.FromInt32(53)),
+			},
+		},
 	})
 	return ingressRules
 }
diff --git a/src/operator/controllers/intents_reconcilers/networkpolicy/builders/ingress_dns_server_allow_network_policy_test.go b/src/operator/controllers/intents_reconcilers/networkpolicy/builders/ingress_dns_server_allow_network_policy_test.go
index e5b96eb0d..8a4e7e2f6 100644
--- a/src/operator/controllers/intents_reconcilers/networkpolicy/builders/ingress_dns_server_allow_network_policy_test.go
+++ b/src/operator/controllers/intents_reconcilers/networkpolicy/builders/ingress_dns_server_allow_network_policy_test.go
@@ -104,10 +104,16 @@ func ingressDNSnetworkPolicyIngressTemplate(
 ) *v1.NetworkPolicy {
 	ingressRules := lo.Map(intentsObjNamespaces, func(namespace string, _ int) v1.NetworkPolicyIngressRule {
 		return v1.NetworkPolicyIngressRule{
-			Ports: []v1.NetworkPolicyPort{{
-				Protocol: lo.ToPtr(v12.ProtocolUDP),
-				Port:     &intstr.IntOrString{Type: intstr.Int, IntVal: 53},
-			}},
+			Ports: []v1.NetworkPolicyPort{
+				{
+					Protocol: lo.ToPtr(v12.ProtocolUDP),
+					Port:     &intstr.IntOrString{Type: intstr.Int, IntVal: 53},
+				},
+				{
+					Protocol: lo.ToPtr(v12.ProtocolTCP),
+					Port:     &intstr.IntOrString{Type: intstr.Int, IntVal: 53},
+				},
+			},
 		}
 	})
 	return &v1.NetworkPolicy{