If it’s possible + stable + improvement (+ free in effort + free in time) = yes, implement.
Obviously. But the technical details matter and that complexity cannot be brushed away. The topic of DNS security is complex… DNS Security - Kicksecure
dnscrypt-proxy is DNSSEC aware but dnscrypt-proxy at time of writing is DNSSEC non-validating. That I find weird. Therefore the answer for Use DNSCrypt by default in Kicksecure? (not Whonix!) for now is “no”.
When re-purposing this forum thread with a more general open question, “which DNS security improvements should Kicksecure deploy by default” the answer is unresolved too. First…
1. Choose an option.