diff --git a/data/Dockerfiles/unbound/Dockerfile b/data/Dockerfiles/unbound/Dockerfile
index e853082d8..b19090835 100644
--- a/data/Dockerfiles/unbound/Dockerfile
+++ b/data/Dockerfiles/unbound/Dockerfile
@@ -18,6 +18,11 @@ EXPOSE 53/udp 53/tcp
 
 COPY docker-entrypoint.sh /docker-entrypoint.sh
 
+# healthcheck (nslookup)
+COPY healthcheck.sh /healthcheck.sh
+RUN chmod +x /healthcheck.sh
+HEALTHCHECK --interval=30s --timeout=10s CMD [ "/healthcheck.sh" ]
+
 ENTRYPOINT ["/docker-entrypoint.sh"]
 
 CMD ["/usr/sbin/unbound"]
diff --git a/data/Dockerfiles/unbound/healthcheck.sh b/data/Dockerfiles/unbound/healthcheck.sh
new file mode 100644
index 000000000..8c4508fb1
--- /dev/null
+++ b/data/Dockerfiles/unbound/healthcheck.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+nslookup mailcow.email 127.0.0.1 1> /dev/null
+
+if [ $? == 0 ]; then
+    echo "DNS resolution is working!"
+    exit 0
+else
+    echo "DNS resolution is not working correctly..."
+    echo "Maybe check your outbound firewall, as it needs to resolve DNS over TCP AND UDP!"
+    exit 1
+fi