dani-corie
commented
3 years ago TBH dnscrypt wouldn't even need support from the VPN provider... I'm thinking that not using the provider's DNS servers, and instead allowing arbitrary third party dnscrypt servers to be configured might actually be more secure.
(I use dnscrypt-proxy for my unencrypted traffic, and have been thinking about running a second instance for the vpn namespace... I don't see any reason why it shouldn't work. Some support in the tool would be cool though.)
For providers that support it, like AzireVPN for the US DNS server.
See: https://wiki.archlinux.org/index.php/Dnscrypt-proxy
and: https://www.azirevpn.com/docs/servers