diff --git a/Dockerfile b/Dockerfile
index 04b522ee40c9c986e8660f7760078e4863ff9d90..2b6a27b672fb58f411e1ef6145b6b8056a86b995 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -17,6 +17,10 @@ USER doh
 
 ENTRYPOINT ["entrypoint"]
 
+ENV DOH_HEALTHCHECK_DOMAIN="ci-test.dns.shivering-isles.com"
+
+HEALTHCHECK CMD curl "http://localhost:8053/dns-query?name=${DOH_HEALTHCHECK_DOMAIN}&type=A" | grep "127.0.0.123"
+
 EXPOSE 8053
 
 CMD ["./dns-over-https/doh-server/doh-server"]
diff --git a/README.md b/README.md
index 3ac29a54762ee3f4e89b2419490bfeeea52f7e8c..ec1f1b64d81c1b393160d4ca5301b88ecd42029d 100644
--- a/README.md
+++ b/README.md
@@ -42,3 +42,10 @@ As alternative for enterprise setups, you can provide a [`policy.json`](https://
 ```
 
 *Don't forget to replace `<your dns host>` with an appropriated value. For example: dns.shivering-isles.com*
+
+Healthcheck
+---
+
+The image contains a health check to make sure no defect container is running. This health check points by default to `ci-test.dns.shivering-isles.com` which is also used for CI in this repository. The domain returns the IP address `127.0.0.123` as A record.
+
+You can configure an own domain using the `DOH_HEALTHCHECK_DOMAIN` environment variable. But make sure this domain returns the mentioned `127.0.0.123` as A record.