diff --git a/default.nix b/default.nix
index 1bd1bd7..1fc5e3a 100644
--- a/default.nix
+++ b/default.nix
@@ -334,6 +334,14 @@ in
         to enable this unless you're hacking on nixos-mailserver.
       '';
     };
+
+    localDnsResolver = mkOption {
+      type = types.bool;
+      default = true;
+      description = ''
+        Runs a local DNS resolver (kresd) as recommended when running rspamd. This prevents your log file from filling up with rspamd_monitored_dns_mon entries.
+      '';
+    };
   };
 
   imports = [
@@ -346,6 +354,7 @@ in
     ./mail-server/postfix.nix
     ./mail-server/rmilter.nix
     ./mail-server/nginx.nix
+    ./mail-server/kresd.nix
   ];
 
   config = lib.mkIf config.mailserver.enable {
diff --git a/mail-server/kresd.nix b/mail-server/kresd.nix
new file mode 100644
index 0000000..a0afd50
--- /dev/null
+++ b/mail-server/kresd.nix
@@ -0,0 +1,28 @@
+#  nixos-mailserver: a simple mail server
+#  Copyright (C) 2016-2017  Robin Raymond
+#
+#  This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation, either version 3 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program. If not, see <http://www.gnu.org/licenses/>
+
+{ config, pkgs, lib, ... }:
+
+let
+  cfg = config.mailserver;
+in
+{
+  config = lib.mkIf cfg.localDnsResolver {
+    services.kresd.enable = true;
+    networking.nameservers = [ "127.0.0.1" ];
+  };
+}
+