diff --git a/manifests/cilium.yaml b/manifests/cilium.yaml
index c5413ede9..8f1e9085f 100644
--- a/manifests/cilium.yaml
+++ b/manifests/cilium.yaml
@@ -23,4 +23,4 @@ spec:
     k8sServiceHost: "%{API_SERVER_HOST}%"
     k8sServicePort: "%{API_SERVER_PORT}%"
     dnsProxy:
-      enabled: true
+      enabled: false
diff --git a/pkg/sandboxmatrix/grpc/orchestrator.go b/pkg/sandboxmatrix/grpc/orchestrator.go
index 22d7d637f..326f5e73a 100644
--- a/pkg/sandboxmatrix/grpc/orchestrator.go
+++ b/pkg/sandboxmatrix/grpc/orchestrator.go
@@ -662,6 +662,7 @@ func SandboxPodSpec(runtimeClass, pvcName, cpu, memory, image string) corev1.Pod
 			VolumeMounts:    []corev1.VolumeMount{{Name: "workspace", MountPath: "/workspace"}},
 		}},
 		Volumes:       []corev1.Volume{vol},
+		DNSPolicy: corev1.DNSDefault,
 		RestartPolicy: corev1.RestartPolicyNever,
 	}
 	if runtimeClass != "" {
@@ -745,12 +746,7 @@ func (o *Orchestrator) applyCNP(ctx context.Context, session *sandboxv1.SandboxS
 			},
 			"egress": []interface{}{
 				map[string]interface{}{
-					"toEndpoints": []interface{}{
-						map[string]interface{}{"matchLabels": map[string]interface{}{
-							"k8s:io.kubernetes.pod.namespace": "kube-system",
-							"k8s:k8s-app":                    "kube-dns",
-						}},
-					},
+					"toEntities": []interface{}{"world"},
 					"toPorts": []interface{}{
 						map[string]interface{}{
 							"ports": []interface{}{map[string]interface{}{"port": "53", "protocol": "ANY"}},