[UPDATE] - Disabled direct connections with the resolvers for failed certificate retrieved via relay

config/dnscrypt-proxy.toml

@@ -708,7 +708,14 @@ fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'cisco-familys
 
 # skip resolvers incompatible with anonymization instead of using them directly
 
-skip_incompatible = true
+skip_incompatible = false
+
+
+# If public server certificates for a non-conformant server cannot be
+# retrieved via a relay, try getting them directly. Actual queries
+# will then always go through relays.
+
+direct_cert_fallback = false