diff --git a/tests/files/ubuntu24-calico-all-in-one-hardening.yml b/tests/files/ubuntu24-calico-all-in-one-hardening.yml
index 024f320d3..7a6a63f50 100644
--- a/tests/files/ubuntu24-calico-all-in-one-hardening.yml
+++ b/tests/files/ubuntu24-calico-all-in-one-hardening.yml
@@ -75,7 +75,10 @@ etcd_deployment_type: kubeadm
 kubelet_authentication_token_webhook: true
 kube_read_only_port: 0
 kubelet_rotate_server_certificates: true
-kubelet_csr_approver_enabled: false
+kubelet_csr_approver_enabled: true # For hydrophone
+kubelet_csr_approver_values:
+  # Do not check DNS resolution in testing (not recommended in production)
+  bypassDnsResolution: true
 kubelet_protect_kernel_defaults: true
 kubelet_event_record_qps: 1
 kubelet_rotate_certificates: true