diff --git a/k8s.tjo.cloud/modules/cluster/components.tf b/k8s.tjo.cloud/modules/cluster/components.tf
index 5696f85..22f03a7 100644
--- a/k8s.tjo.cloud/modules/cluster/components.tf
+++ b/k8s.tjo.cloud/modules/cluster/components.tf
@@ -26,18 +26,21 @@ data "helm_template" "cilium" {
     bpf:
       masquerade: true
 
-    enableIPv4Masquerade: true
     ipv4:
       enabled: true
     ipv4NativeRoutingCIDR: "${var.cluster.pod_cidr.ipv4}"
 
-    enableIPv6Masquerade: true
     ipv6:
       enabled: false
     ipv6NativeRoutingCIDR: "${var.cluster.pod_cidr.ipv6}"
 
     kubeProxyReplacement: true
 
+    # This breaks it??
+    #k8s:
+    #  requireIPv4PodCIDR: true
+    #  requireIPv6PodCIDR: true
+
     securityContext:
       capabilities:
         ciliumAgent:
diff --git a/k8s.tjo.cloud/modules/cluster/main.tf b/k8s.tjo.cloud/modules/cluster/main.tf
index 5c61af6..5b2f5d0 100644
--- a/k8s.tjo.cloud/modules/cluster/main.tf
+++ b/k8s.tjo.cloud/modules/cluster/main.tf
@@ -184,6 +184,12 @@ locals {
         image = "factory.talos.dev/installer/${var.talos.schematic_id}:${var.talos.version}"
         disk  = "/dev/vda"
       }
+      features = {
+        hostDNS = {
+          enabled              = true
+          forwardKubeDNSToHost = false
+        }
+      }
     }
   }