diff --git a/config/settings.local.yaml.tpl b/config/settings.local.yaml.tpl
index 764f92b2..d1a54217 100644
--- a/config/settings.local.yaml.tpl
+++ b/config/settings.local.yaml.tpl
@@ -54,11 +54,12 @@
 #      kind: "ClusterIssuer"                       # Kind of Issuer, can be "Issuer" or "ClusterIssuer"
 #  dns:
 #    dns_server:
-#      geo_code: "DE"                       # dns provider geo code of the dns server
-#      address: "ns1.seolizer.de"           # dns nameserver hostname or ip
+#      geo_code: "DE"                              # dns provider geo code of the dns server
+#      address: "ns1.seolizer.de"                  # dns nameserver hostname or ip
 #    dns_server2:
-#      geo_code: "AU"                       # dns provider geo code of the second dns server
-#      address: "ns2.seolizer.de"           # second dns nameserver hostname or ip
+#      geo_code: "AU"                              # dns provider geo code of the second dns server
+#      address: "ns2.seolizer.de"                  # second dns nameserver hostname or ip
+#    default_geo_server: "ns3.seolizer.de"         # dns nameserver for tests with default geolocation resolution
 #  letsencrypt:
 #    issuer:                                       # Issuer object for testing TLSPolicy
 #      name: "letsencrypt-staging-issuer"          # Name of Issuer CR
diff --git a/testsuite/config/__init__.py b/testsuite/config/__init__.py
index 9af6945f..724984c7 100644
--- a/testsuite/config/__init__.py
+++ b/testsuite/config/__init__.py
@@ -66,6 +66,7 @@ def __init__(self, name, default, **kwargs) -> None:
             & Validator("dns.dns_server2.address", must_exist=True, ne=None, cast=hostname_to_ip)
             & Validator("dns.dns_server2.geo_code", must_exist=True, ne=None)
         ),
+        Validator("dns.default_geo_server", must_exist=True, ne=None, cast=hostname_to_ip),
         DefaultValueValidator("keycloak.url", default=fetch_service_ip("keycloak", force_http=True, port=8080)),
         DefaultValueValidator("keycloak.password", default=fetch_secret("credential-sso", "ADMIN_PASSWORD")),
         DefaultValueValidator("mockserver.url", default=fetch_service_ip("mockserver", force_http=True, port=1080)),
diff --git a/testsuite/tests/multicluster/load_balanced/conftest.py b/testsuite/tests/multicluster/load_balanced/conftest.py
index d4771165..770c0f75 100644
--- a/testsuite/tests/multicluster/load_balanced/conftest.py
+++ b/testsuite/tests/multicluster/load_balanced/conftest.py
@@ -10,10 +10,10 @@
 def dns_config(testconfig, skip_or_fail):
     """Configuration for DNS tests"""
     try:
-        testconfig.validators.validate(only="dns")
+        testconfig.validators.validate(only=["dns.dns_server", "dns.dns_server2"])
         return testconfig["dns"]
     except ValidationError as exc:
-        return skip_or_fail(f"DNS configuration is missing: {exc}")
+        return skip_or_fail(f"DNS servers configuration is missing: {exc}")
 
 
 @pytest.fixture(scope="package")
@@ -28,6 +28,16 @@ def dns_server2(dns_config):
     return dns_config["dns_server2"]
 
 
+@pytest.fixture(scope="session")
+def dns_default_geo_server(testconfig, skip_or_fail):
+    """Configuration of DNS server for default GEO tests"""
+    try:
+        testconfig.validators.validate(only="dns.default_geo_server")
+        return testconfig["dns"]["default_geo_server"]
+    except ValidationError as exc:
+        return skip_or_fail(f"DNS default geo server configuration is missing: {exc}")
+
+
 @pytest.fixture(scope="module")
 def dns_policy(blame, cluster, gateway, dns_server, module_label, dns_provider_secret):
     """DNSPolicy with load-balancing for the first cluster"""
diff --git a/testsuite/tests/multicluster/load_balanced/test_change_default_geo.py b/testsuite/tests/multicluster/load_balanced/test_change_default_geo.py
new file mode 100644
index 00000000..5da85f12
--- /dev/null
+++ b/testsuite/tests/multicluster/load_balanced/test_change_default_geo.py
@@ -0,0 +1,27 @@
+"""Test for modification of default geolocation in DNSPolicy"""
+
+from time import sleep
+
+import pytest
+import dns.resolver
+
+pytestmark = [pytest.mark.multicluster]
+
+
+def test_change_default_geo(hostname, gateway, gateway2, dns_policy, dns_policy2, dns_default_geo_server):
+    """Test changing dns default geolocation and verify that changes are propagated"""
+    resolver = dns.resolver.Resolver(configure=False)
+    resolver.nameservers = [dns_default_geo_server]
+
+    assert resolver.resolve(hostname.hostname)[0].address == gateway.external_ip().split(":")[0]
+
+    dns_policy.model.spec.loadBalancing.defaultGeo = False
+    dns_policy.apply()
+    dns_policy.wait_for_ready()
+
+    dns_policy2.model.spec.loadBalancing.defaultGeo = True
+    dns_policy2.apply()
+    dns_policy2.wait_for_ready()
+
+    sleep(300)  # wait for DNS propagation on providers
+    assert resolver.resolve(hostname.hostname)[0].address == gateway2.external_ip().split(":")[0]
diff --git a/testsuite/tests/multicluster/load_balanced/test_change_strategy.py b/testsuite/tests/multicluster/load_balanced/test_change_strategy.py
new file mode 100644
index 00000000..afc3cb7c
--- /dev/null
+++ b/testsuite/tests/multicluster/load_balanced/test_change_strategy.py
@@ -0,0 +1,14 @@
+"""Test changing load-balancing strategy in DNSPolicy"""
+
+import pytest
+
+pytestmark = [pytest.mark.multicluster]
+
+
+def test_change_lb_strategy(dns_policy2):
+    """Verify that changing load-balancing strategy is not allowed"""
+    dns_policy2.model.spec.pop("loadBalancing")
+    res = dns_policy2.apply()
+
+    assert res.status() == 1
+    assert "loadBalancing is immutable" in res.err()