diff --git a/roles/kubernetes/preinstall/tasks/0061-systemd-resolved.yml b/roles/kubernetes/preinstall/tasks/0061-systemd-resolved.yml
index 3811358629cc43964561f0bf0a1c37e6acda28a1..9edec2e6488c7aaa5bb77c5d180eb1ccb3270b56 100644
--- a/roles/kubernetes/preinstall/tasks/0061-systemd-resolved.yml
+++ b/roles/kubernetes/preinstall/tasks/0061-systemd-resolved.yml
@@ -1,8 +1,14 @@
 ---
-- name: Write resolved.conf
+- name: Create systemd-resolved drop-in directory
+  file:
+    state: directory
+    name: /etc/systemd/resolved.conf.d/
+    mode: 0755
+
+- name: Write Kubespray DNS settings to systemd-resolved
   template:
     src: resolved.conf.j2
-    dest: /etc/systemd/resolved.conf
+    dest: /etc/systemd/resolved.conf.d/kubespray.conf
     owner: root
     group: root
     mode: 0644
diff --git a/roles/kubernetes/preinstall/templates/resolved.conf.j2 b/roles/kubernetes/preinstall/templates/resolved.conf.j2
index 7c47b0b288f8c1641d1fceec7f6c5ac377daae99..edafbf9b9d3a652cfb0a388f20afeb8b354f8eb4 100644
--- a/roles/kubernetes/preinstall/templates/resolved.conf.j2
+++ b/roles/kubernetes/preinstall/templates/resolved.conf.j2
@@ -1,21 +1,15 @@
 [Resolve]
-{% if dns_early is sameas true and dns_late is sameas false %}
-#DNS=
-{% else %}
+{% if not dns_early and dns_late %}
 DNS={{ ([nodelocaldns_ip] if enable_nodelocaldns else coredns_server )| list | join(' ') }}
 {% endif %}
 FallbackDNS={{ ( upstream_dns_servers|d([]) + nameservers|d([]) + cloud_resolver|d([])) | unique | join(' ') }}
-{% if remove_default_searchdomains is sameas true and searchdomains|default([])|length != 0 %}
+{% if remove_default_searchdomains and searchdomains|default([])|length != 0 %}
 Domains={{ searchdomains|default([]) | join(' ') }}
 {% else %}
 Domains={{ ([ 'default.svc.' + dns_domain, 'svc.' + dns_domain ] + searchdomains|default([])) | join(' ') }}
 {% endif %}
-#LLMNR=no
-#MulticastDNS=no
 DNSSEC=no
 Cache=no-negative
 {% if systemd_resolved_disable_stub_listener | bool %}
 DNSStubListener=no
-{% else %}
-#DNSStubListener=yes
 {% endif %}
diff --git a/roles/reset/tasks/main.yml b/roles/reset/tasks/main.yml
index 53fb9f44bb6530703ce9b42f864380c14fa5d6e5..84be011a516c70afc032d9da1faa6e4eabd2e7ac 100644
--- a/roles/reset/tasks/main.yml
+++ b/roles/reset/tasks/main.yml
@@ -314,6 +314,7 @@
     - /etc/dnsmasq.d
     - /etc/dnsmasq.conf
     - /etc/dnsmasq.d-available
+    - /etc/systemd/resolved.conf.d/kubespray.conf
     - /etc/etcd.env
     - /etc/calico
     - /etc/NetworkManager/conf.d/calico.conf