diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6b0152c31b194640905def59c34ec7d72deb5ccc..e586c7e5f05b3232c792215b482c8251db148fde 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 
 ---
 
+## [1.13.0-bb.4]
+### Fixed
+- update allow-kube-dns NP to conditionally add port 5353 egress when `.Values.anchoreGlobal.openShiftDeployment` is `true`
+
 ## [1.13.0-bb.3]
 ### Fixed
 - incorrect label on `allow-egress-enterprise-engine-upgrade-job` network policy
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
index fc5c4c88c9f498dae0fcd2dfd5c5f6a9bd92dcaf..eeeaaee2c9108852b50545c961f4c3ad2d3393c3 100644
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: anchore-engine
-version: 1.13.0-bb.3
+version: 1.13.0-bb.4
 appVersion: 0.10.0
 description: Anchore container analysis and policy evaluation engine service
 keywords:
diff --git a/chart/templates/bigbang/networkpolicies/allow-kube-dns.yaml b/chart/templates/bigbang/networkpolicies/allow-kube-dns.yaml
index 17d27b14f0f76711882ded3cff22c6525ac3948c..87bb5798b7487732e244f04d3ca4708e3db668b3 100644
--- a/chart/templates/bigbang/networkpolicies/allow-kube-dns.yaml
+++ b/chart/templates/bigbang/networkpolicies/allow-kube-dns.yaml
@@ -19,4 +19,8 @@ spec:
       protocol: UDP
     - port: 443
       protocol: TCP
-{{- end }}
\ No newline at end of file
+    {{- if .Values.anchoreGlobal.openShiftDeployment }}  
+    - port: 5353
+      protocol: UDP
+    {{- end }}
+{{- end }}