diff --git a/config/dnscrypt-proxy.toml b/config/dnscrypt-proxy.toml
index 57f5b86..dd374aa 100644
--- a/config/dnscrypt-proxy.toml
+++ b/config/dnscrypt-proxy.toml
@@ -708,7 +708,14 @@ fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'cisco-familys
 
 # skip resolvers incompatible with anonymization instead of using them directly
 
-skip_incompatible = true
+skip_incompatible = false
+
+
+# If public server certificates for a non-conformant server cannot be
+# retrieved via a relay, try getting them directly. Actual queries
+# will then always go through relays.
+
+direct_cert_fallback = false