diff --git a/deployment/puppet/cobbler/templates/dnsmasq.template.erb b/deployment/puppet/cobbler/templates/dnsmasq.template.erb
index 3a96ac1240..d70f8dea35 100644
--- a/deployment/puppet/cobbler/templates/dnsmasq.template.erb
+++ b/deployment/puppet/cobbler/templates/dnsmasq.template.erb
@@ -19,6 +19,14 @@ server=/<%= @dns_domain %>/<%= dns %>
 resolv-file=/etc/dnsmasq.upstream
 interface=<%= @dhcp_interface %>
 
+# On systems which support it, dnsmasq binds the wildcard address,
+# even when it is listening on only some interfaces. It then discards
+# requests that it shouldn't reply to. This has the advantage of
+# working even when interfaces come and go and change address. If you
+# don't want dnsmasq to really bind only the interfaces it is listening on,
+# comment this option.
+bind-interfaces
+
 cache-size=1024
 
 # This is one of the key options. dnsmasq tries to move out servername