diff --git a/conf.c b/conf.c
index e360fb9..c631019 100644
--- a/conf.c
+++ b/conf.c
@@ -829,6 +829,9 @@ static void usage(const char *name, FILE *f, int status)
 		"  --dns-forward ADDR	Forward DNS queries sent to ADDR\n"
 		"    can be specified zero to two times (for IPv4 and IPv6)\n"
 		"    default: don't forward DNS queries\n"
+		"  --dns-host ADDR	Host nameserver to direct queries to\n"
+		"    can be specified zero to two times (for IPv4 and IPv6)\n"
+		"    default: first nameserver from host's /etc/resolv.conf\n"
 		"  --no-tcp		Disable TCP protocol handler\n"
 		"  --no-udp		Disable UDP protocol handler\n"
 		"  --no-icmp		Disable ICMP/ICMPv6 protocol handler\n"
@@ -1286,6 +1289,7 @@ void conf(struct ctx *c, int argc, char **argv)
 		{"netns-only",	no_argument,		NULL,		20 },
 		{"map-host-loopback", required_argument, NULL,		21 },
 		{"map-guest-addr", required_argument,	NULL,		22 },
+		{"dns-host",	required_argument,	NULL,		24 },
 		{ 0 },
 	};
 	const char *logname = (c->mode == MODE_PASTA) ? "pasta" : "passt";
@@ -1463,6 +1467,18 @@ void conf(struct ctx *c, int argc, char **argv)
 			conf_nat(optarg, &c->ip4.map_guest_addr,
 				 &c->ip6.map_guest_addr, NULL);
 			break;
+		case 24:
+			if (inet_pton(AF_INET6, optarg, &c->ip6.dns_host) &&
+			    !IN6_IS_ADDR_UNSPECIFIED(&c->ip6.dns_host))
+				break;
+
+			if (inet_pton(AF_INET, optarg, &c->ip4.dns_host) &&
+			    !IN4_IS_ADDR_UNSPECIFIED(&c->ip4.dns_host)   &&
+			    !IN4_IS_ADDR_BROADCAST(&c->ip4.dns_host))
+				break;
+
+			die("Invalid host nameserver address: %s", optarg);
+			break;
 		case 'd':
 			c->debug = 1;
 			c->quiet = 0;
diff --git a/passt.1 b/passt.1
index 5ac2962..ef33267 100644
--- a/passt.1
+++ b/passt.1
@@ -249,10 +249,19 @@ the host.
 .TP
 .BR \-\-dns-forward " " \fIaddr
 Map \fIaddr\fR (IPv4 or IPv6) as seen from guest or namespace to the
-first configured DNS resolver (with corresponding IP version). Maps
-only UDP and TCP traffic to port 53 or port 853.  Replies are
-translated back with a reverse mapping.  This option can be specified
-zero to two times (once for IPv4, once for IPv6).
+nameserver (with corresponding IP version) specified by the
+\fB\-\-dns-host\fR option. Maps only UDP and TCP traffic to port 53 or
+port 853.  Replies are translated back with a reverse mapping.  This
+option can be specified zero to two times (once for IPv4, once for
+IPv6).
+
+.TP
+.BR \-\-dns-host " " \fIaddr
+Configure the host nameserver which guest or namespace queries to the
+\fB\-\-dns-forward\fR address will be redirected to. This option can
+be specified zero to two times (once for IPv4, once for IPv6).
+By default, the first nameserver from the host's
+\fI/etc/resolv.conf\fR.
 
 .TP
 .BR \-S ", " \-\-search " " \fIlist