diff --git a/utils/kargo/roles/postinstall/tasks/dns_fix.yml b/utils/kargo/roles/postinstall/tasks/dns_fix.yml
new file mode 100644
index 0000000..1b41d28
--- /dev/null
+++ b/utils/kargo/roles/postinstall/tasks/dns_fix.yml
@@ -0,0 +1,52 @@
+---
+# NOTE(mattymo): This can be removed after release of Calico 2.1
+
+- name: Get timestamp from oldest dhclient pid
+  shell: "pgrep -o dhclient | xargs --no-run-if-empty -I{} stat --printf='%Y' /proc/{}"
+  register: oldest_dhclient_time
+
+- name: check if /etc/dhclient.conf exists
+  stat:
+    path: /etc/dhclient.conf
+  register: dhclient_find_stat
+
+- name: target dhclient conf file for /etc/dhclient.conf
+  set_fact:
+    dhclientconffile: /etc/dhclient.conf
+  when: dhclient_find_stat.stat.exists
+
+- name: target dhclient conf file for /etc/dhcp/dhclient.conf
+  set_fact:
+    dhclientconffile: /etc/dhcp/dhclient.conf
+  when: not dhclient_find_stat.stat.exists
+
+- name: Gather info on dhclient.conf
+  stat:
+    path: "{{ dhclientconffile }}"
+  register: dhclient_stat
+
+- name: See if oldest dhclient process is older than dhclient.conf
+  set_fact:
+    needs_network_reset: "{{ oldest_dhclient_time.stdout != '' and oldest_dhclient_time.stdout|int < dhclient_stat.stat.mtime }}"
+
+- name: Calculate number of seconds since dhclient.conf was modified
+  set_fact:
+    mtime_dhclientconf: "{{ ansible_date_time.epoch|int - dhclient_stat.stat.mtime|int }}"
+
+- name: Set networking service name
+  set_fact:
+    networking_service_name: >-
+      {% if ansible_os_family == "RedHat" -%}
+      network
+      {%- elif ansible_os_family == "Debian" -%}
+      networking
+      {%- endif %}
+
+- name: Restart networking, kubelet, and docker services
+  shell: "{{ item }}"
+  when: needs_network_reset|bool and inventory_hostname in groups['k8s-cluster']
+  with_items:
+  - systemctl restart {{ networking_service_name }}
+  - killall dhclient --older-than {{ mtime_dhclientconf }}s
+  - docker exec -t -i calico-node killall -HUP calico-felix
+
diff --git a/utils/kargo/roles/postinstall/tasks/main.yml b/utils/kargo/roles/postinstall/tasks/main.yml
index 664792d..fd3f0a4 100644
--- a/utils/kargo/roles/postinstall/tasks/main.yml
+++ b/utils/kargo/roles/postinstall/tasks/main.yml
@@ -1,4 +1,7 @@
 ---
+- include: dns_fix.yml
+  when: kube_network_plugin in ['canal', 'calico']
+
 - name: pick dnsmasq cluster IP
   set_fact:
     dnsmasq_server: >-