diff --git a/docs/u_e-unbound-fwd.md b/docs/u_e-unbound-fwd.md
new file mode 100644
index 000000000..19fe9e22c
--- /dev/null
+++ b/docs/u_e-unbound-fwd.md
@@ -0,0 +1,19 @@
+If you want or have to use an external DNS service, you can define it in `data/conf/unbound/unbound.conf`:
+
+```
+forward-zone:
+  name: "."
+  forward-addr: 8.8.8.8
+  forward-addr: 8.8.4.4
+```
+
+Please do not use a public resolver like we did in the example above. Many - if not all - blacklist lookups will fail with public resolvers.
+
+**Important**: Only DNSSEC validating DNS services will work.
+
+Restart Unbound after changing its config file:
+
+```
+docker-compose restart unbound-mailcow
+```
+
diff --git a/mkdocs.yml b/mkdocs.yml
index 2888105a1..b4fd23e0b 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -66,6 +66,8 @@ nav:
       - 'Disable Sender Addresses Verification': 'u_e-postfix-disable_sender_verification.md'
       - 'Max. message size (attachment size)': 'u_e-postfix-attachment_size.md'
       - 'Statistics with pflogsumm': 'u_e-postfix-pflogsumm.md'
+  - 'Unbound':
+      - 'Using an external DNS service': 'u_e-unbound-fwd.md'
   - 'Dovecot':
       - "(Re-)Enable any and all authenticated ACL settings": 'u_e-dovecot-any_acl.md'
       - "Expunge a User's Mails": 'u_e-dovecot-expunge.md'