From ee5f80c2bf98b97ae6552a756c68519d196281a7 Mon Sep 17 00:00:00 2001
From: quindecim <quindecim@firemail.cc>
Date: Sat, 19 Dec 2020 04:36:29 -0500
Subject: [PATCH] [UPSTREAM] - Add recommendation for fallback resolvers in the
 example config

https://github.com/DNSCrypt/dnscrypt-proxy/commit/77f81cc8c2aeb8b0efac16ea1e110910d7225242
---
 config/example-docs/example-dnscrypt-proxy.toml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/config/example-docs/example-dnscrypt-proxy.toml b/config/example-docs/example-dnscrypt-proxy.toml
index aaeb8c3..e1b9885 100644
--- a/config/example-docs/example-dnscrypt-proxy.toml
+++ b/config/example-docs/example-dnscrypt-proxy.toml
@@ -209,12 +209,16 @@ cert_refresh_delay = 240
 ## These are normal, non-encrypted DNS resolvers, that will be only used
 ## for one-shot queries when retrieving the initial resolvers list, and
 ## only if the system DNS configuration doesn't work.
+##
 ## No user application queries will ever be leaked through these resolvers,
 ## and they will not be used after IP addresses of resolvers URLs have been found.
 ## They will never be used if lists have already been cached, and if stamps
 ## don't include host names without IP addresses.
+##
 ## They will not be used if the configured system DNS works.
-## Resolvers supporting DNSSEC are recommended.
+## Resolvers supporting DNSSEC are recommended, and, if you are using
+## DoH, fallback resolvers should ideally be operated by a different entity than
+## the DoH servers you will be using, especially if you have IPv6 enabled.
 ##
 ## People in China may need to use 114.114.114.114:53 here.
 ## Other popular options include 8.8.8.8 and 1.1.1.1.