I'll shown you the content of the following two files I'm currently using:
sudo nano /etc/systemd/system/multi-user.target.wants/dnscrypt-proxy.service
[Unit]
Description=Secure connection between your computer and DNS resolver
After=network.target network-online.target
[Service]
Type=forking
Restart=always
RestartSec=5
PIDFile=/var/run/dnscrypt-proxy.pid
ExecStart=/usr/local/sbin/dnscrypt-proxy --daemonize
-a 127.0.0.2:40
-R dnscrypt.eu-nl
-E
--edns-payload-size=4096
-p /var/run/dnscrypt-proxy.pid
[Install]
WantedBy=multi-user.target
sudo nano /etc/systemd/system/multi-user.target.wants/dnscrypt-proxy-backup.service
[Unit]
Description=Secure connection between your computer and DNS resolver
After=network.target network-online.target
[Service]
Type=forking
Restart=always
RestartSec=5
PIDFile=/var/run/dnscrypt-proxy.pid
ExecStart=/usr/local/sbin/dnscrypt-proxy --daemonize
-a 127.0.0.3:40
-R d0wn-nl-ns1
-E
--edns-payload-size=4096
-p /var/run/dnscrypt-proxy.pid
[Install]
WantedBy=multi-user.target
Both resolvers support DNSSec and No logs.
When using www.dnsleaktest.com most of the time dnscrypt.eu-nl is showing (and sometimes down-nl-ns1)
Using a second resolver could be handy in case one of the resolvers is offline.
In this case a 'backup' resolver could be handy...
Comments regarding to DNSSec:
I'm not using the settings/admin page of pihole.
By choosing the DNSSec support resolver you should be able to use it.
Futhermore when testing the DNSSec validation I'm using the following sites:
Another test validation is using the following commandline:
dig sigok.verteiltesysteme.net @127.0.0.1 (should return A record)
dig sigfail.verteiltesysteme.net @127.0.0.1 (should return SERVFAIL)
http://en.conn.internet.nl/connection/
In my case all the validations passed!
Just examined the pihole.log.1 file with notepad++.
Results:
SECURE : 161
INSECURE: 0
ABANDONED: 0
BOGUS: 0
Seems my configuration does not allow more than two proxies.