diff --git a/DNSCrypt-2.0.md b/DNSCrypt-2.0.md index ba2b874..91bf7f8 100644 --- a/DNSCrypt-2.0.md +++ b/DNSCrypt-2.0.md @@ -40,6 +40,18 @@ These instructions are the [same](https://github.com/pi-hole/pi-hole/wiki/DNSCry * Comment out `#server=...` lines * `sudo service dnsmasq restart`: restart dnsmasq +**NOTE** The changes to `/etc/pihole/setupVars.conf` and `/etc/dnsmasq.d/01-pihole.conf` may potentially block off DNSCrypt from reaching an external authoritative DNS server. + +A workaround is to set one server in `setupVars.conf` and `01-pihole.conf` to use the IP address of an authoritative server on the net. + +This was noted in one case on an AT&T U-verse connection when attempting to use Cloudflare's DNSCrypt service at 1.1.1.1. + +For example (fixing Cloudflare's 4/1 service): +`PIHOLE_DNS1=1.0.0.1` +`server=1.0.0.1` + +This allows Pi-Hole to bypass "AT&T's block on the 1.1.1.1 IP"https://blog.cloudflare.com/fixing-reachability-to-1-1-1-1-globally/ address and use Cloudflare's 4/1 service to properly authenticate requests. + ## Test DNSCrypt Use the built-in client:
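Review bot: The workaround in the added NOTE (`PIHOLE_DNS1=1.0.0.1` and `server=1.0.0.1`) re-adds a direct dnsmasq upstream immediately after the step that tells the reader to comment out the `server=...` lines, so queries sent to that address leave Pi-hole as plain DNS rather than through the DNSCrypt proxy. Either state that trade-off in the note or describe the fix as a change to the DNSCrypt resolver choice instead of a dnsmasq upstream. The wording also needs tightening: 1.0.0.1 is a public recursive resolver, not an "authoritative" server, and "properly authenticate requests" does not describe what a plain `server=` entry does. Finally, the last added line has a malformed link, `"AT&T's block on the 1.1.1.1 IP"https://blog.cloudflare.com/...`; use Markdown `[text](url)` syntax and put the word "address" after the link.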