Temat: Dnscrypt a dnsmasq

Witam
miałem założenie blokowania na pętle 127.0.0.1 w dnsmasq zachciało mi się szyfrować zapytania przez dnscrypt i zauważyłem
że jednoczesne działanie w/w dns rozwala moją koncepcję blokowania w konfigu dnsmasq mam ustawione:

config dnsmasq
    option domainneeded '1'
    option filterwin2k '1'
    option localise_queries '1'
    option rebind_protection '1'
    option local '/lan/'
    option domain 'lan'
    option expandhosts '1'
    option nonegcache '1'
    option authoritative '1'
    option logqueries '1'
    option logfacility '/mnt/sdb1/NAS/RUTER/dnsmasq.log'
    option leasefile '/tmp/dhcp.leases'
    option nonwildcard '1'
    option localservice '1'
    list address '/b1.tubexo.net/127.0.0.1'
    list address '/www.avito.ru/127.0.0.1'
    list address '/yandex.com/127.0.0.1'
    list address '/www.yahoo.com/127.0.0.1'
    list addnhosts '/mnt/sdb1/NAS/PL'
    list addnhosts '/mnt/sdb1/NAS/W10'
    list addnhosts '/mnt/sdb1/NAS/adblock'
   
    option quietdhcp '1'
    option cachesize '0'
    option noresolv '1'
    list server '/pool.ntp.org/8.8.8.8'
    list server '127.0.0.1#5353'
    option rebind_localhost '1'

config dhcp 'lan'
    option interface 'lan'
    option start '100'
    option limit '15'
    option leasetime '1h'
    option ra '0'
    option dhcpv6 '0'
    option dynamicdhcp '0'

config dhcp 'wan'
    option interface 'wan'
    option ignore '1'

config odhcpd 'odhcpd'
    option maindhcp '0'
    option leasefile '/tmp/hosts/odhcpd'
    option leasetrigger '/usr/sbin/odhcpd-update'
    option loglevel '4'
---------------------------------------------------
/etc/config/dnscrypt-proxy

config global

config dnscrypt-proxy 'ns1'
    option address '127.0.0.1'
    option port '5353'
    option resolver 'dnscrypt.org-fr'
-------------------------------------------------------
/etc/resolv-crypt.conf
options timeout:1
----------------------------------------------------------
ruter ma w iptables usawiony port 53 według zasady

iptables -t nat -I PREROUTING -s 192.168.1.0/24 -p udp --dport 53 -j DNAT --to 192.168.1.100
iptables -t nat -I PREROUTING -s 192.168.1.0/24 -p tcp --dport 53 -j DNAT --to 192.168.1.100
-----------------------------------------------------------------------------------------------------------------------------
daemon.notice dnscrypt-proxy[10244]: dnscrypt-proxy Proxying from 127.0.0.1:5353 to 212.47.228.136:443

co należało by tutaj poprawić ?

ASUS TUF AX 6000 <-> QNAP TS-473A <->Pihole<->