Anybody know why the opendns dnscrypt resolver is not working?

I have tried setting both 'cisco' and 'opendns' but it never successfully proxies. If I set another resolver (e.g. fvz-anyone) it starts proxying. fvz-anyone is quite slow. I've always found opendns to be fast.

my proxy settings:

config dnscrypt-proxy ns1
    option address '127.0.0.1'
    option port '5353'
    option resolver 'cisco'

Solved it. If anyone else has this problem, add this to /etc/rc.local

sleep 10
/etc/init.d/dnscrypt-proxy start

Below you can find the current list of supported resolvers. I also like to use resolvers that support DNSSEC but this requires you to have dnsmasq-full installed and DNSSEC enabled in config file.

https://github.com/jedisct1/dnscrypt-proxy/blob/master/dnscrypt-resolvers.csv

Yes, I would love to use DNSSEC, but I haven't found a reliable resolver yet for my location. If I do in the future, I just install dnsmasq-full like you said or are there additional "setup" items I need to change after running:

opkg install dnsmasq-full

You need to first remove current dnsmasq.

opkg remove dnsmasq

It's also good to back up your current dhcp configuration before installing dnsmasq-full

mv /etc/config/dhcp /etc/config/dhcpOLD

Then you can install dnsmasq-full

opkg install dnsmasq-full

After you installed it you need to add this to dhcp config file under section config dnsmasq

option dnssec '1'

After you do this you can only use resolvers which support DNSSEC. About the location I'm using multiple resolvers and some of them are from Australia (I live in Europe). As long as you have enabled dns cache entries, you are good to go.

Had the same issue -- dnscrypt-proxy would not reliably start from its init script. Logs looked like it successfully connected but then it would complain about keys mismatch or something. Could have been due to the clock not being set for a while until router boots up (even tho I've had ntp servers resolved outside of dnscrypt-proxy).

I didn't have much time to investigate, so I ended up restarting dnscrypt-proxy from rc.local like you did.

Hey... quick question. I have dnscrypt working ... tested it with dnsleaktest.com and it looks like it's working ok from my notebook, but when I sniff the traffic at the router, it looks like it is still resolving the DNS queries through OpenDNS (which I have configured in dnsmasq too)

21:47:57.188138 ethertype IPv4, IP (tos 0x0, ttl 56, id 41392, offset 0, flags [DF], proto UDP (17), length 135)
    resolver2.opendns.com.53 > 190.153.129.172.57264: 12632 3/0/0 block.dropbox.com. CNAME block.dropbox-dns.com., block.dropbox-dns.com. CNAME block-dfw.dropbox-dns.com., block-dfw.dropbox-dns.com. A 162.125.48.130 (107)
21:47:57.188138 IP (tos 0x0, ttl 56, id 41392, offset 0, flags [DF], proto UDP (17), length 135)
    resolver2.opendns.com.53 > 190.153.129.172.57264: 12632 3/0/0 block.dropbox.com. CNAME block.dropbox-dns.com., block.dropbox-dns.com. CNAME block-dfw.dropbox-dns.com., block-dfw.dropbox-dns.com. A 162.125.48.130 (107)
21:47:57.188237 IP (tos 0x0, ttl 64, id 63715, offset 0, flags [DF], proto UDP (17), length 135)
    RouterACS.lan.53 > SILVAMARI11.lan.56863: 48726 3/0/0 block.dropbox.com. CNAME block.dropbox-dns.com., block.dropbox-dns.com. CNAME block-dfw.dropbox-dns.com., block-dfw.dropbox-dns.com. A 162.125.48.130 (107)
21:47:57.188243 IP (tos 0x0, ttl 64, id 63715, offset 0, flags [DF], proto UDP (17), length 135)
    RouterACS.lan.53 > SILVAMARI11.lan.56863: 48726 3/0/0 block.dropbox.com. CNAME block.dropbox-dns.com., block.dropbox-dns.com. CNAME block-dfw.dropbox-dns.com., block-dfw.dropbox-dns.com. A 162.125.48.130 (107)

What am I missing?
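The capture in the post above shows decoded port-53 answers arriving from an external resolver, which is what plaintext DNS leaving the router looks like. As an added example (not part of the original thread), this shell function lists the non-local hosts seen speaking plaintext DNS in tcpdump text output; the `.lan` suffix, the sample host names and the sample addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list non-local hosts seen speaking plaintext DNS (port 53)
# in tcpdump text output, e.g. from `tcpdump -v -i any port 53`.

# Constructed sample (documentation addresses, hypothetical host names).
SAMPLE='21:47:57.188138 IP (tos 0x0, ttl 56, id 41392, offset 0, flags [DF], proto UDP (17), length 135)
    resolver.example.net.53 > 203.0.113.10.57264: 12632 1/0/0 example.org. A 198.51.100.7 (45)
21:47:57.188237 IP (tos 0x0, ttl 64, id 63715, offset 0, flags [DF], proto UDP (17), length 135)
    router.lan.53 > laptop.lan.56863: 48726 1/0/0 example.org. A 198.51.100.7 (45)
21:47:58.000100 IP 203.0.113.10.40000 > resolver.example.net.domain: 4660+ A? example.com. (29)'

plaintext_dns_peers() {
    awk '
    # Local means loopback, RFC 1918, or a name under .lan (assumed LAN domain).
    # IPv6 link-local and ULA ranges are not handled here.
    function is_local(h) {
        return h ~ /^127\./ || h ~ /^10\./ || h ~ /^192\.168\./ ||
               h ~ /^172\.(1[6-9]|2[0-9]|3[01])\./ || h ~ /\.lan$/ || h == "::1"
    }
    # tcpdump prints "domain" instead of 53 when /etc/services is present.
    function is_dns(p) { return p == "53" || p == "domain" }
    {
        # Find the "src.port > dst.port:" triple; -v header lines have none.
        for (i = 2; i < NF; i++) if ($i == ">") {
            src = $(i - 1); dst = $(i + 1); sub(/:$/, "", dst)
            sp = src; sub(/.*\./, "", sp); sh = src; sub(/\.[^.]*$/, "", sh)
            dp = dst; sub(/.*\./, "", dp); dh = dst; sub(/\.[^.]*$/, "", dh)
            if (is_dns(sp) && !is_local(sh)) seen[sh]++
            else if (is_dns(dp) && !is_local(dh)) seen[dh]++
            next
        }
    }
    END { for (h in seen) print seen[h], h }
    ' | sort -rn
}

# Prints one "count host" line per external plaintext DNS peer.
printf '%s\n' "$SAMPLE" | plaintext_dns_peers
```

Feed it a capture taken on the router; any host it prints is exchanging unencrypted DNS with the router, which points at an upstream server still configured in dnsmasq.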

Troubleshooting may tell you what is happening.

I was RIGHT NOW reading that :) I'll let you know what was happening... looks like I need to comment out some lines in dnsmasq...

DONE ... I had entries in the dnsmasq.conf file pointing to the OpenDNS servers. So this issue is solved now, I have all my dns traffic secured.

Now, question ... I assume I can't combine dnscrypt with opendns to use their "useful" functionality of blocking various malware/bad sites ... and as I'm not using adblock at the router since I've found it very inconvenient as it blocks "way more" than what I would like (I need a "mild" protection here, mainly for my kids at home) ... any guidance on how to implement an automatic blacklisting with dnscrypt? I've read the blacklisting section of the wiki on dnscrypt's site, but it won't automatically update the list?

I use adblock myself, there is this, but I have not given it a run yet myself. @stangri may be able to provide more info.