diff --git a/modules/services/dnsmasq.nix b/modules/services/dnsmasq.nix index 7ea674f..61440e4 100644 --- a/modules/services/dnsmasq.nix +++ b/modules/services/dnsmasq.nix @@ -42,6 +42,27 @@ in { localhost = "127.0.0.1"; } ''; }; + + services.dnsmasq.servers = mkOption { + type = types.listOf types.str; + default = []; + description = '' + List of upstream DNS servers to forward queries to. + If empty, dnsmasq will use the servers from /etc/resolv.conf. + Each entry can be: + - An IP address (e.g., "1.2.3.4") + - A domain-specific server (e.g., "/example.com/1.2.3.4") + - A server with port (e.g., "1.2.3.4#5353") + See dnsmasq(8) man page for --server option for full syntax. + ''; + example = literalExpression '' + [ + "8.8.8.8" + "8.8.4.4" + "/internal.example.com/192.168.1.1" + ] + ''; + }; }; config = mkIf cfg.enable { @@ -53,7 +74,8 @@ in "--listen-address=${cfg.bind}" "--port=${toString cfg.port}" "--keep-in-foreground" - ] ++ (mapA (domain: addr: "--address=/${domain}/${addr}") cfg.addresses); + ] ++ (mapA (domain: addr: "--address=/${domain}/${addr}") cfg.addresses) + ++ (map (server: "--server=${server}") cfg.servers); serviceConfig.KeepAlive = true; serviceConfig.RunAtLoad = true; diff --git a/tests/services-dnsmasq.nix b/tests/services-dnsmasq.nix index 6bab02f..38c7489 100644 --- a/tests/services-dnsmasq.nix +++ b/tests/services-dnsmasq.nix @@ -12,6 +12,10 @@ in services.dnsmasq.addresses = { localhost = "127.0.0.1"; }; + services.dnsmasq.servers = [ + "8.8.8.8" + "/example.com/192.168.1.1" + ]; test = '' echo >&2 "checking dnsmasq service in /Library/LaunchDaemons" 
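Review bot: The description of `services.dnsmasq.servers` says /etc/resolv.conf is used "if empty", which reads as though a non-empty list replaces it, but the second hunk only appends `--server=` arguments and never passes `--no-resolv`, so dnsmasq keeps forwarding to the resolv.conf servers as well. In practice the resolvers supplied by whatever network the machine is on can still receive queries the user meant to pin to a chosen upstream. Either add `++ (optional (cfg.servers != []) "--no-resolv")` after the `--server` map (assuming `optional` from lib is in scope here, as `mkOption` and `mkIf` appear to be), or reword the description to say the listed servers are used in addition to resolv.conf. Both the option set and the argument list continue outside these hunks.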
@@ -19,6 +23,10 @@ in grep "${dnsmasq}/bin/dnsmasq" ${config.out}/Library/LaunchDaemons/org.nixos.dnsmasq.plist grep -F -- "--address=/localhost/127.0.0.1" ${config.out}/Library/LaunchDaemons/org.nixos.dnsmasq.plist + echo >&2 "checking server options" + grep -F -- "--server=8.8.8.8" ${config.out}/Library/LaunchDaemons/org.nixos.dnsmasq.plist + grep -F -- "--server=/example.com/192.168.1.1" ${config.out}/Library/LaunchDaemons/org.nixos.dnsmasq.plist + echo >&2 "checking resolver config" grep -F "port 53" ${config.out}/etc/resolver/localhost grep -F "nameserver 127.0.0.1" ${config.out}/etc/resolver/localhost
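Review bot: The two new `grep -F` checks match substrings, so `--server=8.8.8.8` would still pass if the module emitted a longer argument, for example the same address with a `#port` suffix. If the generated plist writes each argument as its own `<string>` element (not visible here), matching `"<string>--server=8.8.8.8</string>"` would pin the exact value. The `#port` form named in the option description has no test entry either. The test string begins and ends outside this hunk.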