diff --git a/roles/dnsmasq/defaults/main.yml b/roles/dnsmasq/defaults/main.yml
index 15fb7f1693879488354f2a2ecc8429e8dc59a7b8..34f505063607bff536b266dfcc63b5bf850e0ed9 100644
--- a/roles/dnsmasq/defaults/main.yml
+++ b/roles/dnsmasq/defaults/main.yml
@@ -11,9 +11,6 @@
 # nameservers:
 #   - 127.0.0.1
 
-dns_forward_max: 150
-cache_size: 1000
-
 # Versions
 dnsmasq_version: 2.72
 
@@ -33,3 +30,46 @@ dnsmasq_min_replicas: 1
 
 # Custom name servers
 dnsmasq_upstream_dns_servers: []
+
+# Try each query with each server strictly in the order
+dnsmasq_enable_strict_order: true
+
+# Send queries to all servers
+dnsmasq_enable_all_servers: false
+
+# Maximum number of concurrent DNS queries.
+dns_forward_max: 150
+
+# Caching params
+cache_size: 1000
+dnsmasq_max_cache_ttl: 10
+dnsmasq_enable_no_negcache: true
+
+# Maximum TTL value that will be handed out to clients.
+# The specified maximum TTL will be given to clients
+# instead of the true TTL value if it is lower.
+dnsmasq_max_ttl: 20
+
+# If enabled - don't read /etc/resolv.conf.
+dnsmasq_enable_no_resolv: true
+
+# Bogus private reverse lookups.
+# All reverse lookups for private IP ranges (ie 192.168.x.x, etc)
+# which are not found in /etc/hosts or the DHCP leases file are
+# answered with "no such domain" rather than being forwarded upstream.
+# The set of prefixes affected is the list given in RFC6303, for IPv4 and IPv6.
+dnsmasq_enable_bogus_priv: true
+
+# This option forces dnsmasq to really bind only the interfaces it is listening on
+dnsmasq_enable_bind_interfaces: true
+dnsmasq_listen_address: "0.0.0.0"
+
+# Additional hosts file or directory
+dnsmasq_addn_hosts: /etc/hosts
+
+# Facility to which dnsmasq will send syslog entries.
+# If the facility is '-' then dnsmasq logs to stderr.
+dnsmasq_log_facility: "-"
+
+# Additional startup parameters
+dnsmasq_additional_startup_parameters: []
diff --git a/roles/dnsmasq/templates/01-kube-dns.conf.j2 b/roles/dnsmasq/templates/01-kube-dns.conf.j2
index 0134b4c3385bfdd012a2b8bd250d911a1bff6d5e..49e725d810897af09a878854a03198bc0fbc62c8 100644
--- a/roles/dnsmasq/templates/01-kube-dns.conf.j2
+++ b/roles/dnsmasq/templates/01-kube-dns.conf.j2
@@ -1,10 +1,24 @@
 #Listen on localhost
+{% if dnsmasq_enable_bind_interfaces %}
 bind-interfaces
-listen-address=0.0.0.0
+{% endif %}
+
+{% if dnsmasq_listen_address|length > 0 %}
+listen-address={{ dnsmasq_listen_address }}
+{% endif %}
 
-addn-hosts=/etc/hosts
+{% if dnsmasq_addn_hosts|length > 0 %}
+addn-hosts={{ dnsmasq_addn_hosts }}
+{% endif %}
 
+{% if dnsmasq_enable_strict_order %}
 strict-order
+{% endif %}
+
+{% if dnsmasq_enable_all_servers %}
+all-servers
+{% endif %}
+
 # Forward k8s domain to kube-dns
 server=/{{ dns_domain }}/{{ skydns_server }}
 # Reply NXDOMAIN to bogus domains requests like com.cluster.local.cluster.local
@@ -28,11 +42,25 @@ server={{ cloud_resolver }}
 {% if kube_log_level == '4' %}
 log-queries
 {% endif %}
+
+{% if dnsmasq_enable_no_resolv %}
 no-resolv
+{% endif %}
+
+{% if dnsmasq_enable_bogus_priv %}
 bogus-priv
+{% endif %}
+
+{% if dnsmasq_enable_no_negcache %}
 no-negcache
+{% endif %}
+
 cache-size={{ cache_size }}
 dns-forward-max={{ dns_forward_max }}
-max-cache-ttl=10
-max-ttl=20
-log-facility=-
+max-cache-ttl={{ dnsmasq_max_cache_ttl }}
+max-ttl={{ dnsmasq_max_ttl }}
+log-facility={{ dnsmasq_log_facility }}
+
+{% for dnsmasq_additional_startup_parameter in dnsmasq_additional_startup_parameters %}
+{{ dnsmasq_additional_startup_parameter }}
+{% endfor %}
\ No newline at end of file