I have use an iranian isp which means that dns is filtered(cached and filtered) by isp so using 184.108.40.206 returns 10.10.34.34 and 10.10.34.35 for filtered domains.
but I have to use 220.127.116.11 because it is fast and it is needed for a lot of Iranian domains that returns the correct ip, that if I use dnscrypt or other services the ip is not returned correctly.
now I have blacklisted 10.10.34.34 ip in dnsmasq but when I do that and I set both 18.104.22.168 and dnscrypt then it first tries 22.214.171.124 and returns the internal 10.10.34.34 which dnsmasq filters but then it doesn't try to get the next answer from dnscrypt so the overall answer will be an empty one.
is there anyway to fix this so that first 126.96.36.199 is tried and if the filtering address (10.10.34.34) is returned, then it tries the next dns server and get it from dnscrypt?
If I set strict-order then the iranian sites that have dns issues work because it dnsmasq queries 188.8.131.52 but ignoredomain or bogusdomain make dnsmasq to timeout or give empty answer for filtered domains.
if I dont use strict-order then dnsmasq seem to select the dnscrypt for all answers and then I get bad replies for internal iranian websites.