From 9a6e86eb2ece1b1e964f5b7e8b508e08af02e7e8 Mon Sep 17 00:00:00 2001 From: Error-418 Date: Wed, 18 Apr 2018 18:02:20 +0000 Subject: [PATCH] Added a note where these instructions may be incomplete on how to setup workaround. Also noted that issue was prominent on AT&T accessing Cloudflare. --- DNSCrypt-2.0.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/DNSCrypt-2.0.md b/DNSCrypt-2.0.md index ba2b874..91bf7f8 100644 --- a/DNSCrypt-2.0.md +++ b/DNSCrypt-2.0.md @@ -40,6 +40,18 @@ These instructions are the [same](https://github.com/pi-hole/pi-hole/wiki/DNSCry * Comment out `#server=...` lines * `sudo service dnsmasq restart`: restart dnsmasq +**NOTE** The changes to `/etc/pihole/setupVars.conf` and `/etc/dnsmasq.d/01-pihole.conf` may potentially block off DNSCrypt from reaching an external authoritative DNS server. + +A workaround is to set one server in `setupVars.conf` and `01-pihole.conf` to use the IP address of an authoritative server on the net. + +This was noted in one case on an AT&T U-verse connection when attempting to use Cloudflare's DNSCrypt service at 1.1.1.1. + +For example (fixing Cloudflare's 4/1 service): +`PIHOLE_DNS1=1.0.0.1` +`server=1.0.0.1` + +This allows Pi-Hole to bypass "AT&T's block on the 1.1.1.1 IP"https://blog.cloudflare.com/fixing-reachability-to-1-1-1-1-globally/ address and use Cloudflare's 4/1 service to properly authenticate requests. + ## Test DNSCrypt Use the built-in client:
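Review bot: the example in the added NOTE (`PIHOLE_DNS1=1.0.0.1` and `server=1.0.0.1`) points dnsmasq straight at 1.0.0.1, and a plain `server=` line in dnsmasq forwards over unencrypted DNS on port 53, so queries sent to that upstream do not pass through DNSCrypt at all. This also contradicts the context step directly above it, "Comment out `#server=...` lines". If the entry is meant only as a fallback or to let the proxy bootstrap, the note should say so and state that lookups answered by it are neither encrypted nor authenticated; as written, "properly authenticate requests" claims the opposite. Three smaller points in the same block: 1.0.0.1 is a public recursive resolver, so "authoritative server" is the wrong term; "4/1 service" is never explained; and the Cloudflare link is malformed, with the quoted text followed by a bare URL, and should use the `[text](url)` form the file already uses for the wiki link in the hunk header context.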