diff --git a/playbooks/osh-infra-upgrade-host.yaml b/playbooks/osh-infra-upgrade-host.yaml
index 0e42a8e73..495b5cb99 100644
--- a/playbooks/osh-infra-upgrade-host.yaml
+++ b/playbooks/osh-infra-upgrade-host.yaml
@@ -34,6 +34,8 @@
   roles:
     - upgrade-host
     - start-zuul-console
+    - disable-local-nameserver
   tags:
     - upgrade-host
     - start-zuul-console
+    - disable-local-nameserver
diff --git a/roles/disable-local-nameserver/tasks/main.yaml b/roles/disable-local-nameserver/tasks/main.yaml
new file mode 100644
index 000000000..591efa848
--- /dev/null
+++ b/roles/disable-local-nameserver/tasks/main.yaml
@@ -0,0 +1,52 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# NOTE(portdirect): We disable the local nameserver as it interferes with the
+# k8s dns-service and other local resolvers used for development use.
+# See the following for the orginal config:
+# * https://github.com/openstack-infra/project-config/blob/0332c33dd134033e0620645c252f82b77e4c16f5/nodepool/elements/nodepool-base/finalise.d/89-unbound
+
+- name: Disable local nameserver
+  when: ansible_distribution == 'Ubuntu'
+  block:
+    - name: update rc.local
+      blockinfile:
+        path: /etc/rc.local
+        mode: 0555
+        block: |
+          #!/bin/bash
+          set -o xtrace
+          # Some providers inject dynamic network config statically. Work around this
+          # for DNS nameservers. This is expected to fail on some nodes so remove -e.
+          set +e
+          sed -i -e 's/^\(DNS[0-9]*=[.0-9]\+\)/#\1/g' /etc/sysconfig/network-scripts/ifcfg-*
+          sed -i -e 's/^NETCONFIG_DNS_POLICY=.*/NETCONFIG_DNS_POLICY=""/g' /etc/sysconfig/network/config
+          set -e
+          echo 'nameserver 208.67.222.222' > /etc/resolv.conf
+          echo 'nameserver 8.8.8.8' >> /etc/resolv.conf
+          exit 0
+    - name: write resolv.conf
+      blockinfile:
+        path: /etc/resolv.conf
+        mode: 644
+        block: |
+          nameserver 208.67.222.222
+          nameserver 8.8.8.8
+    - name: stop unbound service
+      systemd:
+        state: stopped
+        enabled: no
+        masked: yes
+        daemon_reload: yes
+        name: unbound