diff --git a/dns-server.yaml b/dns-server.yaml
index 31fba5b..51f18eb 100644
--- a/dns-server.yaml
+++ b/dns-server.yaml
@@ -47,15 +47,14 @@ data:
         prometheus :9153
     }
 
-    # Internal Kubernetes DNS
-    cluster.local:53 {
-        errors
-        kubernetes cluster.local in-addr.arpa ip6.arpa {
-            pods insecure
-            fallthrough in-addr.arpa ip6.arpa
-        }
-        prometheus :9153
-    }
+    # Internal services (optional - for internal cluster DNS)
+    # Disabled kubernetes plugin to avoid RBAC issues
+    # cluster.local:53 {
+    #     errors
+    #     kubernetes cluster.local {
+    #         pods insecure
+    #     }
+    # }
 
     # Forward all other queries to upstream DNS
     .:53 {
@@ -241,25 +240,15 @@ spec:
               name: metrics
               protocol: TCP
           livenessProbe:
-            httpGet:
-              path: /health
-              port: 8080
-              scheme: HTTP
-            initialDelaySeconds: 60
+            tcpSocket:
+              port: 53
+            initialDelaySeconds: 15
             periodSeconds: 10
-            timeoutSeconds: 5
-            successThreshold: 1
-            failureThreshold: 5
           readinessProbe:
-            httpGet:
-              path: /ready
-              port: 8181
-              scheme: HTTP
-            initialDelaySeconds: 10
+            tcpSocket:
+              port: 53
+            initialDelaySeconds: 5
             periodSeconds: 5
-            timeoutSeconds: 5
-            successThreshold: 1
-            failureThreshold: 3
           resources:
             requests:
               memory: "256Mi"