diff --git a/nftables-dns.conf b/nftables-dns.conf
index 66e7c74..455225d 100644
--- a/nftables-dns.conf
+++ b/nftables-dns.conf
@@ -48,12 +48,12 @@ table inet filter {
 type filter hook output priority filter
 oif lo goto output-internal
-skuid != {root, systemd-network, chrony, unbound, powerdns} counter goto output-reject
+skuid != {root, systemd-network, chrony, unbound, powerdns, geoipupdate} counter goto output-reject
 }
 chain output-internal {
 skuid unbound meta l4proto {tcp, udp} th sport 53 th dport >= 1024 accept
-skuid {chrony, powerdns} meta l4proto {tcp, udp} th sport >= 1024 th dport 53 accept
+skuid {chrony, powerdns, geoipupdate} meta l4proto {tcp, udp} th sport >= 1024 th dport 53 accept
 skuid != root counter goto output-reject
 accept
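Review bot: The list of UIDs permitted to query the local resolver is now maintained by hand in two places — the `skuid != {...}` exception set in the output chain and the `skuid {chrony, powerdns, geoipupdate}` rule in output-internal — and this commit had to touch both, which is exactly how the two drift apart on the next addition. A `define dns_clients = { chrony, powerdns, geoipupdate }` near the top of the file, with the output-internal rule written as `skuid $dns_clients meta l4proto {tcp, udp} th sport >= 1024 th dport 53 accept`, keeps the loopback allow-list in one spot; whether the output-chain set can reference `$dns_clients` inside its braces depends on the nft version in use, so check that before folding it in there too. Also worth confirming: once geoipupdate is removed from the early `goto output-reject`, its non-loopback egress is governed entirely by output-chain rules below this hunk, so make sure those still constrain it to its update endpoint rather than a broad accept. Both the output chain (which starts before the hunk) and output-internal (which continues after it) extend outside what is shown.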