Thanks for sharing the ideas,
gkbsd.
I started playing around with DNSCrypt yesterday and have it running now at home (on Linux). Seems to be working. I guess you could run several of these, each proxying for a different DNSCrypt resolver, and then use each one as a forwarder for your normal caching nameserver, to get some redundancy (but so far I'm just using one).
I'm running it as an unprivileged user, dnscp, created for this purpose. When I do this there are two dsncrypt-proxy processes running, one as root and one as dnscp. Any idea if that's what's supposed to happen?
I was also wondering about using this at public access WiFi (the proverbial "coffee shop" mentioned in
README.markdown). This would be a place it is most useful. I'm not sure how well it would mesh with the hotspot start-up procedures sometimes though. Has anyone had any problems with that?
Anyway, nice to try out something that may improve on the status quo.