diff --git a/docs/dns-stack.md b/docs/dns-stack.md
index 7f30c3641..7771c26bb 100644
--- a/docs/dns-stack.md
+++ b/docs/dns-stack.md
@@ -82,6 +82,10 @@ dns_etchosts: |
 192.168.0.200 ingress.example.com
 ```
+### enable_coredns_reverse_dns_lookups
+
+Whether reverse DNS lookups are enabled in the coredns config. Defaults to `true`.
+
 ## DNS modes supported by Kubespray
 You can modify how Kubespray sets up DNS for your cluster with the variables ``dns_mode`` and ``resolvconf_mode``.
diff --git a/roles/kubernetes-apps/ansible/defaults/main.yml b/roles/kubernetes-apps/ansible/defaults/main.yml
index 79afd33a2..00e09dd7c 100644
--- a/roles/kubernetes-apps/ansible/defaults/main.yml
+++ b/roles/kubernetes-apps/ansible/defaults/main.yml
@@ -7,6 +7,7 @@ dns_min_replicas: 2
 dns_nodes_per_replica: 16
 dns_cores_per_replica: 256
 dns_prevent_single_point_failure: "{{ 'true' if dns_min_replicas|int > 1 else 'false' }}"
+enable_coredns_reverse_dns_lookups: true
 coredns_ordinal_suffix: ""
 # dns_extra_tolerations: [{effect: NoSchedule, operator: "Exists"}]
diff --git a/roles/kubernetes-apps/ansible/templates/coredns-config.yml.j2 b/roles/kubernetes-apps/ansible/templates/coredns-config.yml.j2
index 6f0044ccb..111dbe758 100644
--- a/roles/kubernetes-apps/ansible/templates/coredns-config.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/coredns-config.yml.j2
@@ -31,12 +31,14 @@ data:
 lameduck 5s
 }
 ready
- kubernetes {{ dns_domain }} in-addr.arpa ip6.arpa {
+ kubernetes {{ dns_domain }} {% if enable_coredns_reverse_dns_lookups %}in-addr.arpa ip6.arpa {% endif %}{
 pods insecure
 {% if enable_coredns_k8s_endpoint_pod_names %}
 endpoint_pod_names
 {% endif %}
+{% if enable_coredns_reverse_dns_lookups %}
 fallthrough in-addr.arpa ip6.arpa
+{% endif %}
 }
 prometheus :9153
 {% if resolvconf_mode == 'host_resolvconf' and upstream_dns_servers is defined and upstream_dns_servers|length > 0 %}
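Review bot: Both new `{% if enable_coredns_reverse_dns_lookups %}` tests in coredns-config.yml.j2 (on the `kubernetes` line and around `fallthrough`) evaluate the raw variable, so a value passed as a string, for example `-e enable_coredns_reverse_dns_lookups=false`, is a non-empty string and still renders the reverse zones. Use `{% if enable_coredns_reverse_dns_lookups | bool %}` in both places. With the option off, the kubernetes plugin no longer answers PTR queries for pod and service addresses. Those queries presumably fall to whatever forwarder the Corefile configures further down, outside this hunk, so cluster-internal IPs may be sent to upstream resolvers; the new docs/dns-stack.md entry should state that effect. The server block continues past the end of the hunk.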