diff --git a/doc/source/general-roles.rst b/doc/source/general-roles.rst
index 738446539..0e1b8f729 100644
--- a/doc/source/general-roles.rst
+++ b/doc/source/general-roles.rst
@@ -36,6 +36,7 @@ General Purpose Roles
 .. zuul:autorole:: prepare-workspace
 .. zuul:autorole:: prepare-workspace-git
 .. zuul:autorole:: prepare-workspace-openshift
+.. zuul:autorole:: post-reboot-tasks
 .. zuul:autorole:: remove-build-sshkey
 .. zuul:autorole:: remove-build-winrm-cert
 .. zuul:autorole:: remove-gpgkey
diff --git a/roles/enable-fips/README.rst b/roles/enable-fips/README.rst
index c84db5ab6..055248612 100644
--- a/roles/enable-fips/README.rst
+++ b/roles/enable-fips/README.rst
@@ -2,3 +2,7 @@ Enable FIPS on a node.
 
 Set a node into FIPS mode, to test functionality when crypto
 policies are set to FIPS in RHEL 8/Centos 8.
+
+The role will set the node into FIPS mode, reboot the node, and
+then call the post-reboot-tasks role.  This role requires a role
+parameter - nslookup_target.
diff --git a/roles/enable-fips/tasks/main.yaml b/roles/enable-fips/tasks/main.yaml
index bc62b05f0..f430b0123 100644
--- a/roles/enable-fips/tasks/main.yaml
+++ b/roles/enable-fips/tasks/main.yaml
@@ -50,9 +50,9 @@
   reboot:
     reboot_timeout: 1800
 
-- name: Run start-zuul-console role
+- name: Run post-boot tasks
   include_role:
-    name: start-zuul-console
+    name: post-reboot-tasks
 
 - name: Ensure FIPS mode is enabled
   become: true
diff --git a/roles/post-reboot-tasks/README.rst b/roles/post-reboot-tasks/README.rst
new file mode 100644
index 000000000..82e4b694f
--- /dev/null
+++ b/roles/post-reboot-tasks/README.rst
@@ -0,0 +1,14 @@
+Ensure that processes are running after a node reboot.
+
+Some roles (like the enable-fips role) need to reboot the node
+in order to complete their operations.
+
+This role can be invoked to ensure that the node is sufficiently
+up again before continuing by doing some basic checks for
+connectivity (ssh), restarting the zuul-console and making sure
+DNS is up.
+
+A role parameter nslookup_target is required to specify the DNS name
+to ensure DNS is working. If working in a mirrored environment, it
+is a good idea to use $zuul_site_mirror_fqdn, because this is what
+will be needed for package installs in any case.
diff --git a/roles/post-reboot-tasks/tasks/main.yaml b/roles/post-reboot-tasks/tasks/main.yaml
new file mode 100644
index 000000000..cd0868ef0
--- /dev/null
+++ b/roles/post-reboot-tasks/tasks/main.yaml
@@ -0,0 +1,10 @@
+---
+- name: check if node is available for ssh
+  wait_for_connection:
+
+- name: Run start-zuul-console role
+  include_role:
+    name: start-zuul-console
+
+- name: confirm that dns is up
+  command: "nslookup -retry=60 {{ nslookup_target }}"
diff --git a/zuul-tests.d/general-roles-jobs.yaml b/zuul-tests.d/general-roles-jobs.yaml
index a3358a4da..ddb95784d 100644
--- a/zuul-tests.d/general-roles-jobs.yaml
+++ b/zuul-tests.d/general-roles-jobs.yaml
@@ -342,6 +342,7 @@
     run: test-playbooks/simple-role-test.yaml
     vars:
       role_name: enable-fips
+      nslookup_target: opendev.org
     nodeset:
       nodes:
         - name: centos-8-stream