diff --git a/kube/deploy/core/dns/internal/k8s-gateway/app/netpol.yaml b/kube/deploy/core/dns/internal/k8s-gateway/app/netpol.yaml
index df50295e..6d2abe5d 100644
--- a/kube/deploy/core/dns/internal/k8s-gateway/app/netpol.yaml
+++ b/kube/deploy/core/dns/internal/k8s-gateway/app/netpol.yaml
@@ -24,6 +24,9 @@ spec:
         - ports:
             - port: "53"
             - port: "1053"
+    - fromEndpoints:
+        - matchLabels:
+            io.kubernetes.pod.namespace: "tailscale"
   egress:
     - toCIDRSet:
         - cidr: "${IP_ROUTER_VLAN_K8S}/32"