diff --git a/Dockerfile b/Dockerfile
index ca8918be..6b3c6d42 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -39,6 +39,7 @@ ENV USER= \
 DOT_VERBOSITY=1 \
 DOT_VERBOSITY_DETAILS=0 \
 DOT_VALIDATION_LOGLEVEL=0 \
+ DOT_CACHING=on \
 BLOCK_MALICIOUS=on \
 BLOCK_SURVEILLANCE=off \
 BLOCK_ADS=off \
diff --git a/README.md b/README.md
index 47d2ee47..53950a60 100644
--- a/README.md
+++ b/README.md
@@ -128,6 +128,7 @@ docker run --rm --network=container:pia alpine:3.10 wget -qO- https://ipinfo.io
 | `PASSWORD` | | Your PIA password |
 | `DOT` | `on` | `on` or `off`, to activate DNS over TLS to 1.1.1.1 |
 | `DOT_PROVIDERS` | `cloudflare` | Comma delimited list of DNS over TLS providers from `cloudflare`, `google`, `quad9`, `quadrant`, `cleanbrowsing`, `securedns`, `libredns` |
+| `DOT_CACHING` | `on` | Unbound caching feature, `on` or `off` |
 | `DOT_VERBOSITY` | `1` | Unbound verbosity level from `0` to `5` (full debug) |
 | `DOT_VERBOSITY_DETAILS` | `0` | Unbound details verbosity level from `0` to `4` |
 | `DOT_VALIDATION_LOGLEVEL` | `0` | Unbound validation log level from `0` to `2` |
diff --git a/internal/dns/conf.go b/internal/dns/conf.go
index 5469af81..3e8933fd 100644
--- a/internal/dns/conf.go
+++ b/internal/dns/conf.go
@@ -100,6 +100,11 @@ func generateUnboundConf(settings settings.DNS, client network.Client, logger lo
 "name": "\".\"",
 "forward-tls-upstream": "yes",
 }
+ if settings.Caching {
+ forwardZoneSection["forward-no-cache"] = "no"
+ } else {
+ forwardZoneSection["forward-no-cache"] = "yes"
+ }
 var forwardZoneLines []string
 for k, v := range forwardZoneSection {
 forwardZoneLines = append(forwardZoneLines, " "+k+": "+v)
diff --git a/internal/dns/conf_test.go b/internal/dns/conf_test.go
index ec036be2..b1c73f46 100644
--- a/internal/dns/conf_test.go
+++ b/internal/dns/conf_test.go
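Review bot: The `forward-no-cache` assignment added to generateUnboundConf in internal/dns/conf.go is the negation of `settings.Caching`, and nothing at the branch says so, which makes the polarity easy to flip in a later edit. A one-line comment above the `if` would settle it, for example `// forward-no-cache is the inverse of Caching: "yes" stops Unbound from caching answers for the forward zone`. With caching off every lookup goes upstream over TLS, while with it on repeated names are answered locally until their TTL expires, so the setting also changes how many queries the upstream provider sees. The function starts and ends outside this hunk.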
@@ -25,6 +25,7 @@ func Test_generateUnboundConf(t *testing.T) {
 BlockAds: false,
 VerbosityLevel: 2,
 ValidationLogLevel: 3,
+ Caching: true,
 }
 client := &mocks.Client{}
 client.On("GetContent", string(constants.MaliciousBlockListHostnamesURL)).
@@ -73,6 +74,7 @@ server:
 private-address: c
 private-address: d
 forward-zone:
+ forward-no-cache: no
 forward-tls-upstream: yes
 name: "."
 forward-addr: 1.1.1.1@853#cloudflare-dns.com
diff --git a/internal/params/dns.go b/internal/params/dns.go
index 45a5fd26..b2d8aa20 100644
--- a/internal/params/dns.go
+++ b/internal/params/dns.go
@@ -100,3 +100,10 @@ func (p *paramsReader) GetDNSUnblockedHostnames() (hostnames []string, err error
 }
 return hostnames, nil
 }
+
+// GetDNSOverTLSCaching obtains if Unbound caching should be enable or not
+// from the environment variable DOT_CACHING
+func (p *paramsReader) GetDNSOverTLSCaching() (caching bool, err error) {
+ return p.envParams.GetOnOff("DOT_CACHING")
+}
+
diff --git a/internal/params/params.go b/internal/params/params.go
index 27a6c3b9..11929c5b 100644
--- a/internal/params/params.go
+++ b/internal/params/params.go
@@ -15,6 +15,7 @@ type ParamsReader interface {
 // DNS over TLS getters
 GetDNSOverTLS() (DNSOverTLS bool, err error)
 GetDNSOverTLSProviders() (providers []models.DNSProvider, err error)
+ GetDNSOverTLSCaching() (caching bool, err error)
 GetDNSOverTLSVerbosity() (verbosityLevel uint8, err error)
 GetDNSOverTLSVerbosityDetails() (verbosityDetailsLevel uint8, err error)
 GetDNSOverTLSValidationLogLevel() (validationLogLevel uint8, err error)
diff --git a/internal/settings/dns.go b/internal/settings/dns.go
index ec489e29..0de337cf 100644
--- a/internal/settings/dns.go
+++ b/internal/settings/dns.go
@@ -14,6 +14,7 @@ type DNS struct {
 Providers []models.DNSProvider
 AllowedHostnames []string
 PrivateAddresses []string
+ Caching bool
 BlockMalicious bool
 BlockSurveillance bool
 BlockAds bool
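Review bot: Test_generateUnboundConf in internal/dns/conf_test.go only sets `Caching: true`, so the `else` branch that writes `forward-no-cache: yes` is never exercised. The second hunk of this file pins `forward-no-cache: no` in the expected output, which covers just the enabled mapping. A second case with `Caching: false` that expects `forward-no-cache: yes` would catch an accidental inversion of the two values. The test function continues outside both hunks.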
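Review bot: `GetDNSOverTLSCaching` in internal/params/dns.go calls `GetOnOff("DOT_CACHING")` with no default visible, so the README's documented default of `on` appears to rest only on the Dockerfile `ENV` line. What `GetOnOff` returns for an unset or empty variable is not shown here; if it errors or yields false, running the binary outside the image would either abort in GetDNSSettings or silently turn caching off. If the params reader supports a default value, passing it here would keep the code and the README in agreement. The doc comment would read better as `// GetDNSOverTLSCaching reports whether Unbound caching is enabled, from the environment variable DOT_CACHING.`, and the blank line added after the closing brace can be dropped.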
@@ -26,7 +27,10 @@ func (d *DNS) String() string {
 if !d.Enabled {
 return "DNS over TLS settings: disabled"
 }
- blockMalicious, blockSurveillance, blockAds := "disabed", "disabed", "disabed"
+ caching, blockMalicious, blockSurveillance, blockAds := "disabled", "disabed", "disabed", "disabed"
+ if d.Caching {
+ caching = "enabled"
+ }
 if d.BlockMalicious {
 blockMalicious = "enabled"
 }
@@ -43,6 +47,7 @@ func (d *DNS) String() string {
 settingsList := []string{
 "DNS over TLS settings:",
 "DNS over TLS provider:\n |--" + strings.Join(providersStr, "\n |--"),
+ "Caching: " + caching,
 "Block malicious: " + blockMalicious,
 "Block surveillance: " + blockSurveillance,
 "Block ads: " + blockAds,
@@ -69,6 +74,10 @@ func GetDNSSettings(params params.ParamsReader) (settings DNS, err error) {
 if err != nil {
 return settings, err
 }
+ settings.Caching, err = params.GetDNSOverTLSCaching()
+ if err != nil {
+ return settings, err
+ }
 settings.BlockMalicious, err = params.GetDNSMaliciousBlocking()
 if err != nil {
 return settings, err
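Review bot: The rewritten declaration in `String()` spells the new `caching` default `"disabled"` but keeps `"disabed"` for the three blocking settings, so the printed settings mix two spellings. Anyone searching the startup log for `disabled` to confirm which blocklists are off will miss those three lines. Since the line is being changed anyway, it could become `caching, blockMalicious, blockSurveillance, blockAds := "disabled", "disabled", "disabled", "disabled"`. Any test asserting the old spelling would need the same correction; none is visible in this diff. String() starts and ends outside this hunk.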