diff --git a/docs/dns-stack.md b/docs/dns-stack.md
index 42d1bf0e6f715ba0fa5a493d37bb00c150816e7c..04662594ec7c3bbff83d904f56c01d5ba832c96a 100644
--- a/docs/dns-stack.md
+++ b/docs/dns-stack.md
@@ -86,6 +86,28 @@ dns_etchosts: |
 
 Whether reverse DNS lookups are enabled in the coredns config. Defaults to `true`.
 
+### CoreDNS default zone cache plugin
+
+If you wish to configure the caching behaviour of CoreDNS on the default zone, you can do so using the `coredns_default_zone_cache_block` string block.
+
+An example value (more information on the [plugin's documentation](https://coredns.io/plugins/cache/)) to:
+
+* raise the max cache TTL to 3600 seconds
+* raise the max amount of success responses to cache to 3000
+* disable caching of denial responses altogether
+* enable pre-fetching of lookups with at least 10 lookups per minute before they expire
+
+Would be as follows:
+
+```yaml
+coredns_default_zone_cache_block: |
+  cache 3600 {
+    success 3000
+    denial 0
+    prefetch 10 1m
+  }
+```
+
 ## DNS modes supported by Kubespray
 
 You can modify how Kubespray sets up DNS for your cluster with the variables ``dns_mode`` and ``resolvconf_mode``.
diff --git a/roles/kubernetes-apps/ansible/defaults/main.yml b/roles/kubernetes-apps/ansible/defaults/main.yml
index 37db5b6f5fe99e670076da71b99c5be7fde2cba0..dfaba48212f623a61bb7c1e402905ff82c6711ad 100644
--- a/roles/kubernetes-apps/ansible/defaults/main.yml
+++ b/roles/kubernetes-apps/ansible/defaults/main.yml
@@ -11,6 +11,8 @@ enable_coredns_reverse_dns_lookups: true
 coredns_ordinal_suffix: ""
 # dns_extra_tolerations: [{effect: NoSchedule, operator: "Exists"}]
 coredns_deployment_nodeselector: "kubernetes.io/os: linux"
+coredns_default_zone_cache_block: |
+  cache 30
 
 # nodelocaldns
 nodelocaldns_cpu_requests: 100m
diff --git a/roles/kubernetes-apps/ansible/templates/coredns-config.yml.j2 b/roles/kubernetes-apps/ansible/templates/coredns-config.yml.j2
index f4747cd9f62fd0f4b041bfe73d55c9dc73c88113..567824719d13fe9892d64b137878e133fbf6f3d1 100644
--- a/roles/kubernetes-apps/ansible/templates/coredns-config.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/coredns-config.yml.j2
@@ -53,7 +53,7 @@ data:
 {% if enable_coredns_k8s_external %}
         k8s_external {{ coredns_k8s_external_zone }}
 {% endif %}
-        cache 30
+        {{ coredns_default_zone_cache_block | indent(width=8, first=False) }}
         loop
         reload
         loadbalance