diff --git a/docs/features/dns-cache.rst b/docs/features/dns-cache.rst
deleted file mode 100644
index 92be66f6990e01861fe6b105bdf812edeb70b03e..0000000000000000000000000000000000000000
--- a/docs/features/dns-cache.rst
+++ /dev/null
@@ -1,41 +0,0 @@
-DNS caching
-===========
-
-User experience may be greatly improved when dns is accelerated. Also, it
-seems like a good idea to keep the number of packages being exchanged
-between node and gateway as small as possible. In order to do this, a
-DNS cache may be used on a node. The dnsmasq instance listening on port
-53 on the node will be reconfigured to answer requests, use a list of
-upstream servers and a specific cache size if the options listed below are
-added to site.conf. Upstream servers are the DNS servers which are normally
-used by the nodes to resolve hostnames (e.g. gateways/supernodes).
-
-There are the following settings:
-    servers
-    cacheentries
-
-If both options are set the node will cache as much DNS records as set with
-'cacheentries' in RAM. The 'servers' list will be used to resolve the received
-DNS queries if the request cannot be answered from cache.
-If these settings do not exist, the cache is not intialized and RAM usage will not increase.
-
-When next_node.name is set, an A record and an AAAA record for the
-next-node IP address are placed in the dnsmasq configuration. This means that the content
-of next_node.name may be resolved even without upstream connectivity.
-
-::
-
-  dns = {
-    cacheentries = 5000,
-    servers = { '2001:db8::1', },
-  },
-
-  next_node = {
-    name = 'nextnode',
-    ip6 = '2001:db8:8::1',
-    ip4 = '198.51.100.1',
-  }
-
-
-The cache will be initialized during startup.
-Each cache entry will occupy about 90 bytes of RAM.
diff --git a/docs/features/dns-forwarder.rst b/docs/features/dns-forwarder.rst
new file mode 100644
index 0000000000000000000000000000000000000000..d74f9618fe3fafd6ba8467e4425f154880e5fdb7
--- /dev/null
+++ b/docs/features/dns-forwarder.rst
@@ -0,0 +1,26 @@
+DNS forwarder
+=============
+
+A Gluon node can be configured to act as a DNS forwarder. Requests for the
+next-node hostname(s) can be answered locally, without querying the upstream
+resolver.
+
+**Note:** While this reduces answer time and allows to use the next-node
+hostname without upstream connectivity, this feature should not be used for
+next-node hostnames that are FQDN when the zone uses DNSSEC.
+
+One or more upstream resolvers can be configured in the *dns.servers* setting.
+When *next_node.name* is set, A and/or AAAA records for the next-node IP
+addresses are placed in the dnsmasq configuration.
+
+::
+
+  dns = {
+    servers = { '2001:db8::1', },
+  },
+
+  next_node = {
+    name = { 'nextnode.location.community.example.org', 'nextnode', 'nn' },
+    ip6 = '2001:db8:8::1',
+    ip4 = '198.51.100.1',
+  }
diff --git a/docs/index.rst b/docs/index.rst
index 957530d798801e8ed84f0f11ad63de6610b7f7fe..6d0de3fa7d0a6ad966f727a6ae24ebae6cfbace5 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -23,7 +23,7 @@ Several Freifunk communities in Germany use Gluon as the foundation of their Fre
    features/wlan-configuration
    features/private-wlan
    features/wired-mesh
-   features/dns-cache
+   features/dns-forwarder
    features/monitoring
    features/authorized-keys
    features/roles
diff --git a/docs/releases/v2017.1.rst b/docs/releases/v2017.1.rst
index 5c5b48bb4144a0a43e02d637b94865e24a766bdc..cc445933aba7875537e49d86559aff3a078209ae 100644
--- a/docs/releases/v2017.1.rst
+++ b/docs/releases/v2017.1.rst
@@ -88,8 +88,6 @@ New features
 * Add support for making nodes a DNS cache for clients
   (`#1000 <https://github.com/freifunk-gluon/gluon/issues/1000>`_)
 
-  See also: :doc:`../features/dns-cache`
-
 * Add L2TP via tunneldigger as an alternative VPN system
   (`#978 <https://github.com/freifunk-gluon/gluon/issues/978>`_)
 
diff --git a/package/gluon-core/check_site.lua b/package/gluon-core/check_site.lua
index d26b16716b69d6f416ca70a2e70bb46adb16d06e..90a6752d47450475f56b73303980a6d4028a79cf 100644
--- a/package/gluon-core/check_site.lua
+++ b/package/gluon-core/check_site.lua
@@ -40,7 +40,6 @@ end
 
 need_boolean('poe_passthrough', false)
 if need_table('dns', nil, false) then
-	need_number('dns.cacheentries', false)
 	need_string_array_match('dns.servers', '^[%x:]+$', false)
 end
 
diff --git a/package/gluon-core/luasrc/lib/gluon/upgrade/820-dns-config b/package/gluon-core/luasrc/lib/gluon/upgrade/820-dns-config
index 5b64b413bbbf939507c3127f67160d6c9a588922..37b4b1c69c4aea4cbf8dd0884f31e8616dcfe936 100755
--- a/package/gluon-core/luasrc/lib/gluon/upgrade/820-dns-config
+++ b/package/gluon-core/luasrc/lib/gluon/upgrade/820-dns-config
@@ -13,11 +13,7 @@ else
 	uci:delete('dhcp', dnsmasq, 'server')
 end
 
-if site.dns and site.dns.cacheentries then
-	uci:set('dhcp', dnsmasq, 'cachesize', site.dns.cacheentries)
-else
-	uci:delete('dhcp', dnsmasq, 'cachesize')
-end
+uci:delete('dhcp', dnsmasq, 'cachesize')
 
 if site.next_node and site.next_node.name and site.next_node.ip4 then
 	uci:section('dhcp','domain','nextnode4',{