diff --git a/roles/dnsmasq/tasks/main.yml b/roles/dnsmasq/tasks/main.yml
index d8050d5149a29a9683d371c41e577968f969b15b..105a08831b936f8ea36cd659887a9c2fa8f5caa5 100644
--- a/roles/dnsmasq/tasks/main.yml
+++ b/roles/dnsmasq/tasks/main.yml
@@ -63,22 +63,21 @@
 
 - name: Add search resolv.conf
   lineinfile:
-    line: search {{ [ 'default.svc.' + dns_domain, 'svc.' + dns_domain, dns_domain ] | join(' ') }}
+    line: "search {{ [ 'default.svc.' + dns_domain, 'svc.' + dns_domain, dns_domain ] | join(' ') }}"
     dest: "{{resolvconffile}}"
     state: present
     insertbefore: BOF
     backup: yes
     follow: yes
 
-- name: Add all masters as nameserver
+- name: Add local dnsmasq to resolv.conf
   lineinfile:
-    line: nameserver {{ hostvars[item]['ansible_default_ipv4']['address'] }}
+    line: "nameserver 127.0.0.1"
     dest: "{{resolvconffile}}"
     state: present
     insertafter: "^search.*$"
     backup: yes
     follow: yes
-  with_items: groups['kube-master']
 
 - name: Add options to resolv.conf
   lineinfile:
diff --git a/roles/dnsmasq/templates/dnsmasq-pod.yml b/roles/dnsmasq/templates/dnsmasq-pod.yml
index 1150e14c709e5f66afc38bba38932b32a675a7d0..70a826600e6e73951f07b17a6d0c75b57a62e3b9 100644
--- a/roles/dnsmasq/templates/dnsmasq-pod.yml
+++ b/roles/dnsmasq/templates/dnsmasq-pod.yml
@@ -29,9 +29,11 @@ spec:
         - name: dns
           containerPort: 53
           hostPort: 53
+          hostIP: 127.0.0.1
           protocol: UDP
         - name: dns-tcp
           containerPort: 53
+          hostIP: 127.0.0.1
           hostPort: 53
           protocol: TCP
       volumeMounts: