bitbeans / SimpleDnsCrypt

A simple management tool for dnscrypt-proxy
https://simplednscrypt.org
MIT License

How to remove resolver from list of available resolvers #544

Open e-t-l opened 3 years ago

e-t-l commented 3 years ago

As described in this dnscrypt-proxy discussion thread, Kaspersky Security Cloud keeps flagging dnscrypt-proxy.exe and trying to disconnect it. It gives me the following message:

Cannot guarantee authenticity of the domain to which an encrypted connection is being established Event: SSL connection with invalid certificate detected Application: dnscrypt-proxy.exe URL: rdns.faelix.net Reason: This certificate or one of the certificates in the certificate chain is not up to date.

If I try to ignore it, it pops back up, sometimes immediately and sometimes after a few minutes. The only other option given to me is "Disconnect", which I'd rather not do, since I'm pretty sure that would stop dnscrypt-proxy from working properly.

In that discussion thread, they confirmed it was harmless, but I couldn't figure out how to make it stop happening (and since I use SimpleDnsCrypt on basically default settings, I didn't understand how to do it otherwise). I see several faelix servers in the list of available resolvers, but I don't know how to edit or remove resolvers from this list. (All the resolvers in the list are unselected, and to be honest I'm not sure what selecting one would change. I find the SimpleDnsCrypt documentation confusing and not particularly detailed, at least when it comes to what configurations affect what.)

slyphnier commented 3 years ago

Did you try disabling automatic mode and manually selecting a server?

How about adding a whitelist URL: rdns.faelix.net in Kaspersky Security Cloud?

My guess is that, by default, SimpleDnsCrypt uses automatic mode and selects the DNS server with the fastest connection, and it happens that it chose "rdns.faelix.net", but Kaspersky flags that DNS server for a certificate issue... so changing to another DNS server that is not flagged by Kaspersky should solve your issue.

e-t-l commented 3 years ago

I think both of us have the understanding that "automatic-mode" is when all the resolvers are unselected so the fastest is chosen automatically. I do not want to disable automatic mode. I like having the fastest server selected at all times. Per the title of this thread, I'd just like to know if it's possible to remove problematic resolvers from the list.

slyphnier commented 3 years ago

That resolver list (file: public-resolvers.md, which you can find in the simplednscrypt/dnscrypt folder) is not editable, for a few reasons: we use dnscrypt for a better and more secure DNS connection, thus that resolver list needs to be tamper-proof.

With manual mode, you can also select all available DNS servers and just skip the problematic one, and DNScrypt will still choose the fastest one from those manually selected resolvers, AFAIK. To test, you can use dnsleaktest.com to detect the resolver server in use, and then you can run a ping test against that server.
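
An added example, not part of the thread and not SimpleDnsCrypt or dnscrypt-proxy code: one way to find which entries in public-resolvers.md point at the flagged host, without editing that file, and print a `disabled_server_names` line for dnscrypt-proxy.toml so automatic selection skips them. It assumes the DNS stamp layout for DoH entries (protocol byte 0x02, 8 property bytes, length-prefixed address, hash set, hostname, path); the resolver names and stamps in the sample are constructed placeholders, and whether SimpleDnsCrypt's UI preserves a hand-edited setting is not stated in the thread.

```python
import base64

def make_doh_stamp(host, path="/dns-query"):
    """Build a minimal DoH stamp for the constructed sample list below."""
    body = (b"\x02" + bytes(8) + b"\x00" + b"\x00"      # proto, props, addr, hashes
            + bytes([len(host)]) + host.encode()
            + bytes([len(path)]) + path.encode())
    return "sdns://" + base64.urlsafe_b64encode(body).decode().rstrip("=")

def doh_hostname(stamp):
    """Return the hostname inside a DoH (protocol 0x02) stamp, else None."""
    try:
        b64 = stamp[len("sdns://"):]
        raw = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
        if raw[0] != 0x02:
            return None                      # DNSCrypt, relay, etc.
        i = 9                                # protocol byte + 8 props bytes
        i += 1 + raw[i]                      # skip length-prefixed address
        while True:                          # hash set: high bit = more follow
            n = raw[i]
            i += 1 + (n & 0x7F)
            if not n & 0x80:
                break
        host = raw[i + 1:i + 1 + raw[i]].decode("ascii")
        return host.split(":")[0].lower()    # drop optional :port
    except (IndexError, ValueError):
        return None                          # truncated or malformed stamp

def names_to_disable(resolvers_md, bad_host):
    """Names of entries ('## name') with a DoH stamp pointing at bad_host."""
    names, current = [], None
    for line in resolvers_md.splitlines():
        line = line.strip()
        if line.startswith("## "):
            current = line[3:].strip()
        elif line.startswith("sdns://") and current and current not in names:
            if doh_hostname(line) == bad_host.lower():
                names.append(current)
    return names

# Constructed sample in the layout of public-resolvers.md; names are placeholders.
SAMPLE_MD = "\n".join([
    "## example-doh-a", "Constructed entry.", make_doh_stamp("rdns.faelix.net"),
    "## example-doh-b", "Constructed entry.", make_doh_stamp("doh.example.org:443"),
    "## example-broken", "Constructed entry.", "sdns://AgcA",
])

def toml_line(names):
    return "disabled_server_names = [" + ", ".join(f"'{n}'" for n in names) + "]"

if __name__ == "__main__":
    print(toml_line(names_to_disable(SAMPLE_MD, "rdns.faelix.net")))
```

To use it on a real install, pass the text of the local public-resolvers.md to `names_to_disable` in place of `SAMPLE_MD`.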