I see there is a dnscrypt-proxy2, but not sure what it is… The github project links to the main dnscrypt-proxy project so if the main project is fully updated I suspect they are the same.
The idea of dnscrypt proxy is to run a DNS proxy locally on your machine… You re-direct your /etc/resolv.conf to point to localhost and the proxy encrypts your DNS traffic and connects to public DNS which support both DNS over HTTPS and its own proprietary encrypted protocol. Technically, you can’t use DNSSEC because its current implementations are only server/server and AFAIK has never been implemented as client/server.
Since I posted that the default DNS dnscrypt-proxy was pointing to filtered results to fight spam and tracking, I haven’t seen that happening (someone apparently didn’t think that was a good default)… But be aware that option is available if you want to specify DNS (AFAICR default is actually a pool of DNS servers selected on first connection). If I decide to disable dnscrypt use for any reason, I simply modify /etc/resolv.conf for that session (no need to make a permanent modification so the file can be edited directly).
There should be other posts about dnscrypt-proxy in these openSUSE Forums…
An additional benefit is that you won’t have to worry about DNS leaking when using an improperly configured VPN… Ordinarily, a VPN should include pointing to its own DNS to encrypt DNS traffic but some VPNs are set up wrong. If yo’re using dnscrypt-proxy, it won’t matter since your DNS traffic will be encrypted no matter the situation.