I recently ran into the same issue as the OP.

One thing to check is to make sure that the DNS pod does use port 53. You can find that by checking k8s service/endpoint on the DNS. In openshift case, the service has port 53, but it points to container port 5353. After I change the port from 53 to 5353 in the networkpolicy, DNS traffic is no longer blocked.