dnscrypt-proxy: [Android] dnscrypt-proxy doesn't work on Android 10

ISSUE

dnscrypt-proxy on Android doesn’t work on new Android 10 (Q).

dnscrypt-proxy can start, report about connection, but can’t do the job. The behaviour looks like it appears restricted on system level or I don’t know what…

INFO

Seems like some new changes in the Android DNS daemon stop dnscrypt-proxy from working.

Let’s have a look at the option:

Settings -> Network & Internet -> Private DNS

( ) Off
( ) Automatic
(•) Private DNS provider hostname : localhost

Only names can be accepted here (not IPs). This option was designed for entering the names of alternative DNS servers that support DoT (DNS-over-TLS). There are almost no such servers on the Internet (let alone trusted ones). It is clear that when dnscrypt-proxy is used, nobody needs this nonsense. But exactly this thing (IMO) prevents dnscrypt-proxy from working.

The values (•) Off or (•) Automatic do not make sense here at all, because the servers of the “not evil” corporation will be used, or the mobile operator’s defaults.

Since the OS uses a third-party DNS service (dnscrypt-proxy), in order to avoid interference and leaks, the obvious decision was made to specify the value localhost there. The problem was quickly solved and forgotten before Android 10.

Now this trick doesn’t work. I can assume that in Android 9 this option was experimental and optional, and that the DNS daemon in Android 10 has become closely tied to this option and does not let dnscrypt-proxy run. I don’t know a workaround for this yet.

Moreover, I know for sure that the dnscrypt-proxy binary is in the ready state. The dnscrypt-proxy connection logs report readiness and that it found the right encrypted servers according to my settings. But the “Private DNS” option in Android 10 does not allow dnscrypt-proxy to start working at system level as usual.

Maybe I’m wrong about the reason for the issue… Any suggestions how this should be fixed?

About this issue

  • State: closed
  • Created 4 years ago
  • Comments: 28

Most upvoted comments

To continue to use dnscrypt-proxy on Android 10 you want to turn this option off. This way, the OS uses plain old DNS, which should be intercepted and redirected to your local copy of dnscrypt-proxy (depending on how it is installed).

dnscrypt-proxy is a proxy, so you don’t want to be sending DoT queries directly to it which is what happens when you set Private DNS to “localhost”.
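
A way to check this setting from a workstation, as an added example that is not part of the original issue or the dnscrypt-proxy project: it reads Android's `private_dns_mode` and `private_dns_specifier` global settings over adb and classifies them. The function names and verdict strings are hypothetical, the sample values are constructed, and the guidance text assumes dnscrypt-proxy receives queries through a port-53 redirect.

```shell
#!/bin/sh
# Added example (not project code): classify Android's Private DNS state on a
# device that is meant to resolve through a local dnscrypt-proxy.
# private_dns_mode / private_dns_specifier are the global settings behind
# Settings -> Network & Internet -> Private DNS.

# classify_private_dns MODE SPECIFIER -> prints one verdict word
classify_private_dns() {
    mode=$1
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$mode" in
        off) echo plain-dns ;;                        # OS sends plain DNS
        opportunistic|null|"") echo dot-opportunistic ;;  # "Automatic"; null = unset
        hostname)
            case "$host" in
                localhost) echo dot-to-local-proxy ;; # DoT aimed at the proxy
                null|"")   echo hostname-missing ;;
                *)         echo dot-remote ;;         # DoT to a named resolver
            esac ;;
        *) echo unknown ;;
    esac
}

# explain VERDICT -> one line of guidance (assumes a port-53 redirect)
explain() {
    case "$1" in
        plain-dns) echo "OK: plain DNS can be redirected to dnscrypt-proxy" ;;
        dot-to-local-proxy) echo "BROKEN: DoT is sent to localhost; set Private DNS to Off" ;;
        dot-opportunistic|dot-remote) echo "RISK: OS may use DoT on TCP 853, which a port-53 redirect does not cover" ;;
        *) echo "CHECK: unexpected Private DNS state" ;;
    esac
}

# audit_device: read the live values (needs adb and a connected device)
audit_device() {
    m=$(adb shell settings get global private_dns_mode | tr -d '\r')
    s=$(adb shell settings get global private_dns_specifier | tr -d '\r')
    v=$(classify_private_dns "$m" "$s")
    printf '%s: %s\n' "$v" "$(explain "$v")"
}

# Constructed sample values, so the script runs without a device.
for sample in "off null" "hostname localhost" "opportunistic null"; do
    set -- $sample
    printf '%-20s -> %s\n' "$sample" "$(explain "$(classify_private_dns "$1" "$2")")"
done
```

Call `audit_device` with a device attached; `adb shell settings put global private_dns_mode off` applies the setting the comment above recommends.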