diff --git a/cluster/addons.go b/cluster/addons.go
index 388a131e..5f24050b 100644
--- a/cluster/addons.go
+++ b/cluster/addons.go
@@ -50,6 +50,7 @@ type ingressOptions struct {
 	Options        map[string]string
 	NodeSelector   map[string]string
 	ExtraArgs      map[string]string
+	DNSPolicy      string
 	AlpineImage    string
 	IngressImage   string
 	IngressBackend string
@@ -485,6 +486,7 @@ func (c *Cluster) deployIngress(ctx context.Context, data map[string]interface{}
 		Options:        c.Ingress.Options,
 		NodeSelector:   c.Ingress.NodeSelector,
 		ExtraArgs:      c.Ingress.ExtraArgs,
+		DNSPolicy:      c.Ingress.DNSPolicy,
 		IngressImage:   c.SystemImages.Ingress,
 		IngressBackend: c.SystemImages.IngressBackend,
 	}
diff --git a/cluster/validation.go b/cluster/validation.go
index 0dadc9f8..4b022735 100644
--- a/cluster/validation.go
+++ b/cluster/validation.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"github.com/rancher/rke/metadata"
+	"k8s.io/api/core/v1"
 	"strings"
 
 	"github.com/rancher/rke/log"
@@ -163,6 +164,15 @@ func validateIngressOptions(c *Cluster) error {
 	if c.Ingress.Provider != DefaultIngressController && c.Ingress.Provider != "none" {
 		return fmt.Errorf("Ingress controller %s is incorrect", c.Ingress.Provider)
 	}
+
+	if c.Ingress.DNSPolicy != "" &&
+		!(c.Ingress.DNSPolicy == string(v1.DNSClusterFirst) ||
+			c.Ingress.DNSPolicy == string(v1.DNSClusterFirstWithHostNet) ||
+			c.Ingress.DNSPolicy == string(v1.DNSNone) ||
+			c.Ingress.DNSPolicy == string(v1.DNSDefault)) {
+		return fmt.Errorf("DNSPolicy %s was not a valid DNS Policy", c.Ingress.DNSPolicy)
+	}
+
 	return nil
 }