diff --git a/roles/dnsmasq/tasks/main.yml b/roles/dnsmasq/tasks/main.yml
index ab534dfb2..7ba02c36c 100644
--- a/roles/dnsmasq/tasks/main.yml
+++ b/roles/dnsmasq/tasks/main.yml
@@ -21,16 +21,17 @@
   apt:
     name: "{{ item }}"
     state: present
+    update_cache: yes
   with_items:
     - dnsmasq
     - bind9utils
-  when: inventory_hostname in groups['kube-master'][0]
+  when: inventory_hostname in groups['kube-master']
 
 - name: ensure dnsmasq.d directory exists
   file:
     path: /etc/dnsmasq.d
     state: directory
-  when: inventory_hostname in groups['kube-master'][0]
+  when: inventory_hostname in groups['kube-master']
 
 - name: configure dnsmasq
   template:
@@ -39,14 +40,14 @@
     mode: 755
   notify:
     - restart dnsmasq
-  when: inventory_hostname in groups['kube-master'][0]
+  when: inventory_hostname in groups['kube-master']
 
 - name: enable dnsmasq
   service:
     name: dnsmasq
     state: started
     enabled: yes
-  when: inventory_hostname in groups['kube-master'][0]
+  when: inventory_hostname in groups['kube-master']
 
 - name: update resolv.conf with new DNS setup
   template:
@@ -56,3 +57,5 @@
 
 - name: disable resolv.conf modification by dhclient
   copy: src=dhclient_nodnsupdate dest=/etc/dhcp/dhclient-enter-hooks.d/nodnsupdate mode=u+x
+
+- meta: flush_handlers
diff --git a/roles/dnsmasq/templates/resolv.conf.j2 b/roles/dnsmasq/templates/resolv.conf.j2
index d10a6fc92..f0b475b02 100644
--- a/roles/dnsmasq/templates/resolv.conf.j2
+++ b/roles/dnsmasq/templates/resolv.conf.j2
@@ -1,5 +1,9 @@
 ; generated by ansible
 search {{ [ 'default.svc.' + dns_domain, 'svc.' + dns_domain, dns_domain ] | join(' ') }}
+{% if inventory_hostname in groups['kube-master'] %}
+nameserver {{ ansible_default_ipv4.address }}
+{% else %}
 {% for host in groups['kube-master'] %}
 nameserver {{ hostvars[host]['ansible_default_ipv4']['address'] }}
 {% endfor %}
+{% endif %}