diff --git a/apache.te b/apache.te
index 08c3720..c1e855c 100644
--- a/apache.te
+++ b/apache.te
@@ -187,6 +187,13 @@ gen_tunable(httpd_run_stickshift, false)
 
 ## <desc>
 ## <p>
+## Allow Apache to query NS records
+## </p>
+## </desc>
+gen_tunable(httpd_verify_dns, false)
+
+## <desc>
+## <p>
 ## Allow httpd daemon to change its resource limits
 ## </p>
 ## </desc>
@@ -1009,6 +1016,10 @@ logging_send_syslog_msg(httpd_helper_t)
 
 userdom_use_inherited_user_terminals(httpd_helper_t)
 
+tunable_policy(`httpd_verify_dns',`
+	corenet_udp_bind_all_ephemeral_ports(httpd_t)
+')
+
 tunable_policy(`httpd_run_stickshift', `
 	allow httpd_t self:capability { fowner fsetid sys_resource };
 	dontaudit httpd_t self:capability sys_ptrace;