diff --git a/roles/dnsmasq/handlers/main.yml b/roles/dnsmasq/handlers/main.yml
deleted file mode 100644
index 48b3137274e921e7396ce79161cb36823043caf9..0000000000000000000000000000000000000000
--- a/roles/dnsmasq/handlers/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-- name: restart dnsmasq
-  command: systemctl restart dnsmasq
diff --git a/roles/dnsmasq/tasks/main.yml b/roles/dnsmasq/tasks/main.yml
index 9f4169ace891e0ea9187a4502041da94ec0cf9f7..57bb95e9780ec43beffbb86aa0cbf9ba6c67f7b9 100644
--- a/roles/dnsmasq/tasks/main.yml
+++ b/roles/dnsmasq/tasks/main.yml
@@ -28,16 +28,6 @@
     - '^127\.0\.0\.1(\s+){{ inventory_hostname }}.*'
     - '^::1(\s+){{ inventory_hostname }}.*'
 
-- name: install dnsmasq and bindr9utils
-  apt:
-    name: "{{ item }}"
-    state: present
-    update_cache: yes
-  with_items:
-    - dnsmasq
-    - bind9utils
-  when: inventory_hostname in groups['kube-master']
-
 - name: ensure dnsmasq.d directory exists
   file:
     path: /etc/dnsmasq.d
@@ -50,15 +40,17 @@
     dest: /etc/dnsmasq.d/01-kube-dns.conf
     mode: 755
     backup: yes
-  notify:
-    - restart dnsmasq
   when: inventory_hostname in groups['kube-master']
 
-- name: enable dnsmasq
-  service:
-    name: dnsmasq
-    state: started
-    enabled: yes
+- name: create dnsmasq pod template
+  template: src=dnsmasq-pod.yml dest=/etc/kubernetes/manifests/dnsmasq-pod.manifest
+  when: inventory_hostname in groups['kube-master']
+
+- name: Check for dnsmasq port
+  wait_for:
+    port: 53
+    delay: 5
+    timeout: 100
   when: inventory_hostname in groups['kube-master']
 
 - name: update resolv.conf with new DNS setup
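Review bot: With `notify: restart dnsmasq` removed from the task that writes `/etc/dnsmasq.d/01-kube-dns.conf` and nothing put in its place, a later change to that file is no longer applied to the running resolver; as far as this diff shows, the static pod is only created from the manifest and nothing restarts it when the config changes. Keep a `notify:` on that task and point it at a new handler that restarts the dnsmasq pod's container. Separately, `wait_for` with `port: 53` probes TCP only and succeeds if any process is listening there, so on a host provisioned by the previous version of the role (where the packaged dnsmasq service is presumably still running) it can pass while the pod fails to bind; stopping and disabling that service before the manifest is written would close the gap. The config-writing task starts above the hunk, so its module and source are not visible here.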
diff --git a/roles/dnsmasq/templates/dnsmasq-pod.yml b/roles/dnsmasq/templates/dnsmasq-pod.yml
new file mode 100644
index 0000000000000000000000000000000000000000..1150e14c709e5f66afc38bba38932b32a675a7d0
--- /dev/null
+++ b/roles/dnsmasq/templates/dnsmasq-pod.yml
@@ -0,0 +1,49 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: dnsmasq
+  namespace: kube-system
+spec:
+  hostNetwork: true
+  containers:
+    - name: dnsmasq
+      image: andyshinn/dnsmasq:2.72
+      command:
+        - dnsmasq
+      args:
+        - -k
+        - "-7"
+        - /etc/dnsmasq.d
+        - --local-service
+      securityContext:
+        capabilities:
+          add:
+            - NET_ADMIN
+      imagePullPolicy: Always
+      resources:
+        limits:
+          cpu: 100m
+          memory: 256M
+      ports:
+        - name: dns
+          containerPort: 53
+          hostPort: 53
+          protocol: UDP
+        - name: dns-tcp
+          containerPort: 53
+          hostPort: 53
+          protocol: TCP
+      volumeMounts:
+        - name: etcdnsmasqd
+          mountPath: /etc/dnsmasq.d
+        - name: etcdnsmasqdavailable
+          mountPath: /etc/dnsmasq.d-available
+
+  volumes:
+    - name: etcdnsmasqd
+      hostPath:
+        path: /etc/dnsmasq.d
+    - name: etcdnsmasqdavailable
+      hostPath:
+        path: /etc/dnsmasq.d-available
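Review bot: `image: andyshinn/dnsmasq:2.72` is a mutable tag on a third-party repository, and combined with `imagePullPolicy: Always`, `hostNetwork: true` and `NET_ADMIN`, whatever that tag points to at the next container start runs on every master with access to the host's network stack. Pin the image by digest, `image: andyshinn/dnsmasq@sha256:<digest-of-the-reviewed-image>` (placeholder), or mirror it into a registry the cluster operators control. Both `volumeMounts` entries leave the host directories writable from inside the container; dnsmasq only needs to read them, so add `readOnly: true` to each mount.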
diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml
index a1c77f49af738d888945469856ce7f9ccc6d44fd..3a2902a1f9b457f7389b2b4241cc26fca5740910 100644
--- a/roles/etcd/tasks/main.yml
+++ b/roles/etcd/tasks/main.yml
@@ -10,4 +10,4 @@
   wait_for:
     port: 2379
     delay: 5
-    timeout: 30
+    timeout: 100