From dba04113465c1a04f265d868c0aec79709f066b4 Mon Sep 17 00:00:00 2001
From: quindecim <quindecim@airmail.cc>
Date: Mon, 6 Jul 2020 18:09:47 -0400
Subject: [PATCH] [UPDATE] - Disabled direct connections with the resolvers for
 failed certificate retrieved via relay

---
 config/dnscrypt-proxy.toml | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/config/dnscrypt-proxy.toml b/config/dnscrypt-proxy.toml
index 57f5b86..dd374aa 100644
--- a/config/dnscrypt-proxy.toml
+++ b/config/dnscrypt-proxy.toml
@@ -708,7 +708,14 @@ fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'cisco-familys
 
 # skip resolvers incompatible with anonymization instead of using them directly
 
-skip_incompatible = true
+skip_incompatible = false
+
+
+# If public server certificates for a non-conformant server cannot be
+# retrieved via a relay, try getting them directly. Actual queries
+# will then always go through relays.
+
+direct_cert_fallback = false