diff --git a/playbooks/kresd.yml b/playbooks/kresd.yml
new file mode 100755
index 0000000..b39e3d9
--- /dev/null
+++ b/playbooks/kresd.yml
@@ -0,0 +1,22 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+    - dns-1.int.infra.auro.re
+  vars:
+    kresd__listen:
+      - address: 0.0.0.0
+        port: 53
+        kind: dns
+      - address: "::"
+        port: 53
+        kind: dns
+      - address: 0.0.0.0
+        port: 853
+        kind: tls
+      - address: "::"
+        port: 853
+        kind: tls
+    kresd__cache_size: 256
+  roles:
+    - kresd
+...
diff --git a/roles/kresd/defaults/main.yml b/roles/kresd/defaults/main.yml
new file mode 100644
index 0000000..e84d7a5
--- /dev/null
+++ b/roles/kresd/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+kresd__listen: []
+kresd__freebind: true
+kresd__cache_size: 128
diff --git a/roles/kresd/handlers/main.yml b/roles/kresd/handlers/main.yml
new file mode 100644
index 0000000..a0262a5
--- /dev/null
+++ b/roles/kresd/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Restart kresd
+  systemd:
+    name: kresd@1.service
+    state: restarted
diff --git a/roles/kresd/tasks/main.yml b/roles/kresd/tasks/main.yml
new file mode 100644
index 0000000..7eacdf3
--- /dev/null
+++ b/roles/kresd/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+- name: Install knot-resolver
+  apt:
+    name: knot-resolver
+
+- name: Configure kresd
+  template:
+    src: kresd.conf.j2
+    dest: /etc/knot-resolver/kresd.conf
+    owner: root
+    group: knot-resolver
+    mode: u=rw,g=r,o=
+  notify:
+    - Restart kresd
+
+- name: Enable and start kresd
+  systemd:
+    name: kresd@1.service
+    state: started
+    enabled: true
+...
diff --git a/roles/kresd/templates/kresd.conf.j2 b/roles/kresd/templates/kresd.conf.j2
new file mode 100644
index 0000000..c92309d
--- /dev/null
+++ b/roles/kresd/templates/kresd.conf.j2
@@ -0,0 +1,21 @@
+{{ ansible_managed | comment(decoration="-- ") }}
+
+{% for listen in kresd__listen %}
+net.listen(
+    {{ listen.address | enquote }},
+    {{ listen.port | int }},
+    {
+        kind = {{ listen.kind | enquote }},
+        freebind = {{ listen.freebind
+                      | default(kresd__freebind) }},
+    }
+)
+{% endfor %}
+
+modules = {
+    'hints > iterate',
+    'stats',
+    'predict',
+}
+
+cache.size = {{ kresd__cache_size | int }} * MB