diff --git a/roles/kubernetes/preinstall/handlers/main.yml b/roles/kubernetes/preinstall/handlers/main.yml
index 3fd097577..81d13d412 100644
--- a/roles/kubernetes/preinstall/handlers/main.yml
+++ b/roles/kubernetes/preinstall/handlers/main.yml
@@ -95,3 +95,8 @@
     - inventory_hostname in groups['kube-master']
     - dns_mode != 'none'
     - resolvconf_mode == 'host_resolvconf'
+
+- name: Preinstall | Restart systemd-resolved
+  service:
+    name: systemd-resolved
+    state: restarted
diff --git a/roles/kubernetes/preinstall/tasks/0040-set_facts.yml b/roles/kubernetes/preinstall/tasks/0040-set_facts.yml
index 4a6318cc9..73b751589 100644
--- a/roles/kubernetes/preinstall/tasks/0040-set_facts.yml
+++ b/roles/kubernetes/preinstall/tasks/0040-set_facts.yml
@@ -43,6 +43,13 @@
   changed_when: false
   check_mode: no
 
+- name: check systemd-resolved
+  command: systemctl is-active systemd-resolved
+  register: systemd_resolved_enabled
+  failed_when: false
+  changed_when: false
+  check_mode: no
+
 - name: set dns facts
   set_fact:
     resolvconf: >-
diff --git a/roles/kubernetes/preinstall/tasks/0061-systemd-resolved.yml b/roles/kubernetes/preinstall/tasks/0061-systemd-resolved.yml
new file mode 100644
index 000000000..381135862
--- /dev/null
+++ b/roles/kubernetes/preinstall/tasks/0061-systemd-resolved.yml
@@ -0,0 +1,9 @@
+---
+- name: Write resolved.conf
+  template:
+    src: resolved.conf.j2
+    dest: /etc/systemd/resolved.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify: Preinstall | Restart systemd-resolved
diff --git a/roles/kubernetes/preinstall/tasks/main.yml b/roles/kubernetes/preinstall/tasks/main.yml
index 63d20a923..9ae44f4a6 100644
--- a/roles/kubernetes/preinstall/tasks/main.yml
+++ b/roles/kubernetes/preinstall/tasks/main.yml
@@ -32,6 +32,16 @@
   when:
     - dns_mode != 'none'
     - resolvconf_mode == 'host_resolvconf'
+    - systemd_resolved_enabled.rc != 0
+  tags:
+    - bootstrap-os
+    - resolvconf
+
+- import_tasks: 0061-systemd-resolved.yml
+  when:
+    - dns_mode != 'none'
+    - resolvconf_mode == 'host_resolvconf'
+    - systemd_resolved_enabled.rc == 0
   tags:
     - bootstrap-os
     - resolvconf
diff --git a/roles/kubernetes/preinstall/templates/resolved.conf.j2 b/roles/kubernetes/preinstall/templates/resolved.conf.j2
new file mode 100644
index 000000000..6aac1a640
--- /dev/null
+++ b/roles/kubernetes/preinstall/templates/resolved.conf.j2
@@ -0,0 +1,13 @@
+[Resolve]
+{% if dns_late %}
+DNS={{ ( coredns_server + nameservers|d([]) + cloud_resolver|d([])) | unique | join(' ') }}
+{% else %}
+DNS={{ ( nameservers|d([]) + cloud_resolver|d([])) | unique | join(' ') }}
+{% endif %}
+#FallbackDNS=
+Domains={{ ([ 'default.svc.' + dns_domain, 'svc.' + dns_domain ] + searchdomains|default([])) | join(' ') }}
+#LLMNR=no
+#MulticastDNS=no
+DNSSEC=no
+Cache=no-negative
+#DNSStubListener=yes