From b061df66310f656ac555c03764bf2f64817d01b5 Mon Sep 17 00:00:00 2001
From: Jack Ivanov <17044561+jackivanov@users.noreply.github.com>
Date: Tue, 26 Jun 2018 13:11:09 +0300
Subject: [PATCH] Move DNSCrypt proxy fallback_resolver to systemd resolved
 (#1011)

---
 roles/common/tasks/ubuntu.yml                         | 7 +++++--
 roles/dns_encryption/templates/dnscrypt-proxy.toml.j2 | 2 +-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/roles/common/tasks/ubuntu.yml b/roles/common/tasks/ubuntu.yml
index b0f347d..f2799ab 100644
--- a/roles/common/tasks/ubuntu.yml
+++ b/roles/common/tasks/ubuntu.yml
@@ -57,12 +57,15 @@
   tags:
     - always
 
-- name: systemd-networkd enabled and started
+- name: systemd services enabled and started
   systemd:
-    name: systemd-networkd
+    name: "{{ item }}"
     state: started
     enabled: true
     daemon_reload: true
+  with_items:
+    - systemd-networkd
+    - systemd-resolved
   tags:
     - always
 
diff --git a/roles/dns_encryption/templates/dnscrypt-proxy.toml.j2 b/roles/dns_encryption/templates/dnscrypt-proxy.toml.j2
index 72eb898..22e9cfc 100644
--- a/roles/dns_encryption/templates/dnscrypt-proxy.toml.j2
+++ b/roles/dns_encryption/templates/dnscrypt-proxy.toml.j2
@@ -151,7 +151,7 @@ tls_cipher_suite = [49195]
 ## People in China may need to use 114.114.114.114:53 here.
 ## Other popular options include 8.8.8.8 and 1.1.1.1.
 
-fallback_resolver = '1.1.1.1:53'
+fallback_resolver = '127.0.0.53:53'
 
 
 ## Never try to use the system DNS settings; unconditionally use the