diff --git a/cluster/addons/dns/nodelocaldns/README.md b/cluster/addons/dns/nodelocaldns/README.md
index 3b3daed997..304750c64d 100644
--- a/cluster/addons/dns/nodelocaldns/README.md
+++ b/cluster/addons/dns/nodelocaldns/README.md
@@ -35,3 +35,7 @@ spec:
   - Ingress
   - Egress
 ```
+
+### Negative caching
+
+The `denial` cache TTL has been reduced to the minimum of 5 seconds [here](https://github.com/kubernetes/kubernetes/blob/master/cluster/addons/dns/nodelocaldns/nodelocaldns.yaml#L37). In the unlikely event that this impacts performance, setting this TTL to a higher value make help alleviate issues, but be aware that operations that rely on DNS polling for orchestration may fail (for example operators with StatefulSets).
diff --git a/cluster/addons/dns/nodelocaldns/nodelocaldns.yaml b/cluster/addons/dns/nodelocaldns/nodelocaldns.yaml
index 4b9bebeaac..1ddd9b4e03 100644
--- a/cluster/addons/dns/nodelocaldns/nodelocaldns.yaml
+++ b/cluster/addons/dns/nodelocaldns/nodelocaldns.yaml
@@ -34,7 +34,10 @@ data:
   Corefile: |
     __PILLAR__DNS__DOMAIN__:53 {
         errors
-        cache 30
+        cache {
+                success 9984 30
+                denial 9984 5
+        }
         reload
         loop
         bind __PILLAR__LOCAL__DNS__