diff --git a/basic-system/defaults/main.yml b/basic-system/defaults/main.yml
index f706b44a9a244a6b443177accd9f1a5eeb9e359d..c1e84c00e1f46cc2225a6a46edb214c95e6801b5 100644
--- a/basic-system/defaults/main.yml
+++ b/basic-system/defaults/main.yml
@@ -16,3 +16,14 @@ tmp_mount_options:
   - nodev
   - noexec
 fstrim: false
+resolv_search:
+  - "{{ domain }}"
+resolv_nameservers: "{{ nameservers }}"
+resolv_options: []
+#   - "timeout:5"  # default, capped to 30, per resolver
+#   - "attempts:2"  # default, capped to 5
+#   - "ndots:1"  # default, capped to 15, #dots indicating absolute name
+#   - "rotate"  # try listed nameservers in round-robin instead of static order
+#   - "edns0"  # enable extensions from RFC 2671
+#   - "no-tld-query"  # disable resolving unqualified names as TLDs
+#   - "trust-ad"  # trust DNSSEC-validation of your resolver
diff --git a/basic-system/templates/resolv.conf.j2 b/basic-system/templates/resolv.conf.j2
index 414dbbb3be8c1d44d062eeba30bc3a5d93f3508a..6ec15396b02ac66116aa52b46b9f9605092f9433 100644
--- a/basic-system/templates/resolv.conf.j2
+++ b/basic-system/templates/resolv.conf.j2
@@ -1,6 +1,12 @@
-domain {{ domain }}
-search {{ domain }}
+{% if resolv_search|length > 0 %}
+domain {{ resolv_search|first }}
+search {{ resolv_search|join(' ') }}
+{% endif %}
 
-{% for server in nameservers %}
+{% for server in resolv_nameservers %}
 nameserver {{ server }}
 {% endfor %}
+
+{% for option in resolv_options %}
+options {{ option }}
+{% endfor %}
\ No newline at end of file