diff --git a/ansible/roles/designate/defaults/main.yml b/ansible/roles/designate/defaults/main.yml
index 3af79afdffc99226701c0f9f45309f080e91d11e..8e3f5004893b921cf010fa19a2a1a9f66708526b 100644
--- a/ansible/roles/designate/defaults/main.yml
+++ b/ansible/roles/designate/defaults/main.yml
@@ -140,3 +140,11 @@ openstack_designate_auth: "{{ openstack_auth }}"
 designate_git_repository: "{{ kolla_dev_repos_git }}/{{ project_name }}"
 designate_dev_repos_pull: "{{ kolla_dev_repos_pull }}"
 designate_dev_mode: "{{ kolla_dev_mode }}"
+
+####################
+## Designate
+#####################
+designate_dnssec_validation: "yes"
+designate_recursion: "no"
+## Example for designate_forwarders_addresses: "10.199.200.1; 10.199.100.1"
+designate_forwarders_addresses: ""
diff --git a/ansible/roles/designate/templates/named.conf.j2 b/ansible/roles/designate/templates/named.conf.j2
index 89bd3a952a7fc916bfa4716cc631ac1f74b087b4..60b16f26919df7f8dd1e35d69b7865c29d47b60a 100644
--- a/ansible/roles/designate/templates/named.conf.j2
+++ b/ansible/roles/designate/templates/named.conf.j2
@@ -3,10 +3,11 @@ options {
         listen-on port {{ designate_bind_port }} { {{ hostvars[inventory_hostname]['ansible_' + hostvars[inventory_hostname]['api_interface']]['ipv4']['address'] }}; };
         directory       "/var/lib/named";
         allow-new-zones yes;
-        dnssec-validation auto;
+        dnssec-validation {{ designate_dnssec_validation }};
         auth-nxdomain no;
         request-ixfr no;
-        recursion no;
+        recursion {{ designate_recursion }};
+        forwarders { {{ designate_forwarders_addresses }}; };
         minimal-responses yes;
         allow-notify { {% for host in groups['designate-worker'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }};{% endfor %} };
 };