diff --git a/roles/base/templates/iptables/iptables.kojibuilder b/roles/base/templates/iptables/iptables.kojibuilder
index c69c3ec822..433f911a6e 100644
--- a/roles/base/templates/iptables/iptables.kojibuilder
+++ b/roles/base/templates/iptables/iptables.kojibuilder
@@ -58,6 +58,8 @@
 # DNS
 -A OUTPUT -p udp -m udp -d 10.5.126.21 --dport 53 -j ACCEPT
 -A OUTPUT -p udp -m udp -d 10.5.126.22 --dport 53 -j ACCEPT
+-A OUTPUT -p tcp -m tcp -d 10.5.126.21 --dport 53 -j ACCEPT
+-A OUTPUT -p tcp -m tcp -d 10.5.126.22 --dport 53 -j ACCEPT
 
 # bastion smtp
 -A OUTPUT -p tcp -m tcp -d 10.5.126.12 --dport 25 -j ACCEPT