diff --git a/roles/vhosts/k3s_platform_addon/defaults/main.yml b/roles/vhosts/k3s_platform_addon/defaults/main.yml
index 8923015..44e414e 100644
--- a/roles/vhosts/k3s_platform_addon/defaults/main.yml
+++ b/roles/vhosts/k3s_platform_addon/defaults/main.yml
@@ -8,6 +8,7 @@ k3s_platform_reloader_chart_version: "1.3.0"
 k3s_platform_caddy_chart_version: "1.2.0"
 k3s_platform_apisix_chart_version: "2.13.0"
 k3s_platform_external_dns_chart_version: "1.20.0"
+k3s_platform_external_dns_chart_repo_url: "https://kubernetes-sigs.github.io/external-dns/"
 
 k3s_platform_values:
   components:
diff --git a/roles/vhosts/k3s_platform_addon/tasks/main.yml b/roles/vhosts/k3s_platform_addon/tasks/main.yml
index 84d985b..c589b31 100644
--- a/roles/vhosts/k3s_platform_addon/tasks/main.yml
+++ b/roles/vhosts/k3s_platform_addon/tasks/main.yml
@@ -130,7 +130,32 @@
   ansible.builtin.shell: |
     set -euo pipefail
     export KUBECONFIG="{{ k3s_platform_kubeconfig_path }}"
-    helm upgrade --install "{{ k3s_platform_values.components.externalDns.releaseName }}" external-dns/external-dns \
+    chart_dir="$(mktemp -d /tmp/external-dns.XXXXXX)"
+    cleanup() {
+      rm -rf "$chart_dir"
+    }
+    trap cleanup EXIT
+
+    attempt=1
+    max_attempts=6
+    while true; do
+      rm -rf "$chart_dir"/*
+      if helm pull --repo "{{ k3s_platform_external_dns_chart_repo_url }}" \
+        --version "{{ k3s_platform_external_dns_chart_version }}" \
+        --untar \
+        --untardir "$chart_dir" \
+        external-dns; then
+        break
+      fi
+      if [ "$attempt" -ge "$max_attempts" ]; then
+        echo "failed to download external-dns after $attempt attempts" >&2
+        exit 1
+      fi
+      sleep "$((attempt * 30))"
+      attempt=$((attempt + 1))
+    done
+
+    helm upgrade --install "{{ k3s_platform_values.components.externalDns.releaseName }}" "$chart_dir/external-dns" \
       --namespace platform \
       --create-namespace \
       --version "{{ k3s_platform_external_dns_chart_version }}" \