Hi there,
So I've been using the dnsproxy client from AdguardTeam for a while now. You can use multiple upstreams (including TLS and DoH) and you can set two different upstream modes: either let the proxy pick the fastest upstream, or choose parallel queries to all upstreams.
Github Link:
It does not support DNSSEC though, so I combined it with dnscrypt-proxy. I set dnsproxy as the upstream DNS server on Pi-hole, and I set the dnscrypt-proxy listen address + tls://one.one.one.one as upstreams on dnsproxy with the option --all-servers to use parallel queries.
This also works in combination with nginx TLS encryption, so you can use Pi-hole blocking outside the LAN.
Another problem is that dnsproxy has no service file and can only be started from the command line, so I created one + a simple config file. (The config file goes in /opt/dnsproxy.)
dnsproxy.service:
[Unit]
Description=dnsproxy
After=syslog.target
After=network.target
[Service]
Restart=always
RestartSec=2s
WorkingDirectory=/opt/dnsproxy
# Variables referenced in ExecStart below are read from this file
EnvironmentFile=/opt/dnsproxy/dnsproxy.conf
ExecStart=/usr/local/bin/dnsproxy -l $LISTEN_ADDR -p $LISTEN_PORT -u $UPSTREAM_1 -u $UPSTREAM_2 -f $FALLBACK --all-servers
# Only the capability needed to bind port 53 is granted
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
dnsproxy.conf:
# Listen address and port for dnsproxy (e.g. the address Pi-hole points to)
LISTEN_ADDR=
LISTEN_PORT=
# Upstreams queried in parallel (--all-servers), e.g. the dnscrypt-proxy listen address and tls://one.one.one.one
UPSTREAM_1=
UPSTREAM_2=
# Fallback upstream used when the regular upstreams fail
FALLBACK=
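A small pre-deployment check for this setup, added here as an example (not code from the post or from AdguardTeam): it parses the EnvironmentFile, reports every variable the ExecStart line references that the file leaves undefined or empty, and shows the argv dnsproxy would actually receive. The sample config values are constructed and reproduce a copy/paste slip (UPSTREAM_1 assigned twice, UPSTREAM_2 never), which systemd expands silently to an empty argument.

```python
import re
import shlex

# Constructed sample: the unit's ExecStart and an env file with a defect
# (UPSTREAM_1 defined twice, UPSTREAM_2 missing).
EXEC_START = ("/usr/local/bin/dnsproxy -l $LISTEN_ADDR -p $LISTEN_PORT "
              "-u $UPSTREAM_1 -u $UPSTREAM_2 -f $FALLBACK --all-servers")
SAMPLE_CONF = """\
LISTEN_ADDR=0.0.0.0
LISTEN_PORT=5335
UPSTREAM_1=127.0.0.1:5353
UPSTREAM_1=tls://one.one.one.one
FALLBACK=tls://one.one.one.one
"""

VAR_RE = re.compile(r"\$\{(\w+)\}|\$(\w+)")


def parse_env_file(text):
    """Parse a systemd EnvironmentFile: KEY=VALUE per line, '#'/';' comments,
    optional surrounding quotes. A later assignment overrides an earlier one,
    which is how a duplicated key hides a missing one."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")) or "=" not in line:
            continue
        key, _, value = line.partition("=")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        env[key.strip()] = value
    return env


def check_unit(exec_start, env):
    """Variables ExecStart references that env does not define or defines empty.
    systemd expands these to nothing, so '-u $UPSTREAM_2' becomes a bare '-u'
    and the following '-f' is swallowed as its value."""
    refs = {a or b for a, b in VAR_RE.findall(exec_start)}
    return sorted(v for v in refs if not env.get(v))


def render_argv(exec_start, env):
    """Expand variables as systemd would (unset -> empty) and split into argv,
    so the effective command line can be inspected before enabling the unit."""
    expanded = VAR_RE.sub(lambda m: env.get(m.group(1) or m.group(2), ""), exec_start)
    return shlex.split(expanded)


if __name__ == "__main__":
    conf = parse_env_file(SAMPLE_CONF)
    print("missing/empty:", check_unit(EXEC_START, conf))
    print("argv:", render_argv(EXEC_START, conf))
```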