dnscrypt-proxy

dnscrypt-proxy is a DNS proxy that implements the dnscrypt and DNS-over-HTTPS (doh) protocols.

A copy of the this document is available online

Configuration

User interface of dnscrypt-proxy
  1. Generate Blacklist: will fetch provided lists and update the var/blacklist.txt file using the generate-domains-blacklist.py script
  2. Save: Saves the file to disk. You need to manually restart dnscrypt-proxy to apply changes.

For more detailed information I suggest you visit the dnscrypt-proxy wiki.

Optional: Individual device configuration

Cloudflare has some good instructions on how to change your DNS settings to point to a custom DNS server. Instead of 1.1.1.1 you need to use your Synology's IP address. e.g. 192.168.1.1

Test that everything is working correctly

To see which servers are resolving your queries you can visit dnsleaktest.com

If you prefer the command line you can use dig whoami.akamai.net, drill resolver.dnscrypt.org or nslookup whoami.ultradns.net to find out which resolver is currently in use. Using the output the SERVER should be the IP address of the device running DNSCrypt-Proxy. The IP address in the ANSWER SECTION should be your preferred DNS resolver. Note that on anycast networks like 1.1.1.1 or 8.8.8.8 the IPs will differ and can checked by the ASN