hehe... it was a bit tricky cause I needed it to work behind a VPN.
If anyone interested now it's much easier with latest OpenVPN version cause 2.4 supports selective push ignore.
I just had to add this directive so I can ignore dns server pushed buit still accept the redirect gateway.pull-filter ignore "dhcp-option DNS "
( option pull_filter 'ignore "dhcp-option DNS "' for LEDE syntax )
So you can reroute your traffic but still use a DNS server of your choice.Thanks for help.
If you are using a VPN, you shouldn't need/use dnscrypt (nor dnssec). Your VPN should provide you with a DNS server to connect to. By using dnscrypt, you are transmitting your dns requests to a server outside the VPN. Although most of the dnscrypt server say they don't keep logs, it's still opening a potential security hole in your VPN. You should only connect to the DNS server inside of your VPN.