diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml
index e8e272a78..ee7b395d0 100644
--- a/roles/network/tasks/enable_services.yml
+++ b/roles/network/tasks/enable_services.yml
@@ -46,7 +46,7 @@
   when: not dnsmasq_enabled and dnsmasq_install
 
 - name: dnsmasq copy config file to /etc
-  template: src=network/dnsmasq.conf dest=/etc/
+  template: src=network/dnsmasq.conf.j2 dest=/etc/
   when: dnsmasq_enabled and dnsmasq_install
 
 - name: Enable dnsmasq
diff --git a/roles/network/templates/network/dnsmasq.conf.j2 b/roles/network/templates/network/dnsmasq.conf.j2
new file mode 100644
index 000000000..3a6365850
--- /dev/null
+++ b/roles/network/templates/network/dnsmasq.conf.j2
@@ -0,0 +1,20 @@
+# Never forward addresses in the non-routed address spaces.
+bogus-priv
+#　Add other name servers here, with domain specs if they are for　non-public domains.
+#server=/{{ iiab_domain }}/{{ iiab_hostname }}
+# Add local-only domains here, queries in these domains are answered　from /etc/hosts or DHCP only.
+local=/{{ iiab_domain }}/
+# Make all host names resolve to the Raspberry Pi's IP address
+address=/#/{{ lan_ip }}
+# Specify the interface that will listen for DHCP and DNS requests
+interface={{ iiab_lan_iface }}
+# Set the domain for dnsmasq
+domain={{ iiab_domain }}
+# Specify the range of IP addresses the DHCP server will lease out to devices, and the duration of the lease
+dhcp-range=172.18.100.1,172.18.126.254,1h
+# Specify the default route
+dhcp-option=3,{{ lan_ip }}
+# Specify the DNS server address
+dhcp-option=6,{{ lan_ip }}
+# Set the DHCP server to authoritative mode.
+dhcp-authoritative