Add other dnsdist servers until the MTU issue is fixed

https://github.com/PowerDNS/pdns/pull/7410

dnscrypt-proxy/config.go

@@ -134,7 +134,11 @@ func newConfig() Config {
 		LBEstimator:              true,
 		BlockedQueryResponse:     "hinfo",
 		BrokenImplementations: BrokenImplementationsConfig{
-			FragmentsBlocked:       []string{"cisco", "cisco-ipv6", "cisco-familyshield", "quad9-dnscrypt-ip4-filter-alt", "quad9-dnscrypt-ip4-filter-pri", "quad9-dnscrypt-ip4-nofilter-alt", "quad9-dnscrypt-ip4-nofilter-pri", "quad9-dnscrypt-ip6-filter-alt", "quad9-dnscrypt-ip6-filter-pri", "quad9-dnscrypt-ip6-nofilter-alt", "quad9-dnscrypt-ip6-nofilter-pri"},
+			FragmentsBlocked: []string{
+				"cisco", "cisco-ipv6", "cisco-familyshield",
+				"quad9-dnscrypt-ip4-filter-alt", "quad9-dnscrypt-ip4-filter-pri", "quad9-dnscrypt-ip4-nofilter-alt", "quad9-dnscrypt-ip4-nofilter-pri", "quad9-dnscrypt-ip6-filter-alt", "quad9-dnscrypt-ip6-filter-pri", "quad9-dnscrypt-ip6-nofilter-alt", "quad9-dnscrypt-ip6-nofilter-pri",
+				"qualityology.com", "freetsa.org", "ffmuc.net", "opennic-bongobow", "sth-dnscrypt-se", "ams-dnscrypt-nl",
+			},
 			LargerResponsesDropped: []string{"quad9-dnscrypt-ip4-filter-alt", "quad9-dnscrypt-ip4-filter-pri", "quad9-dnscrypt-ip4-nofilter-alt", "quad9-dnscrypt-ip4-nofilter-pri", "quad9-dnscrypt-ip6-filter-alt", "quad9-dnscrypt-ip6-filter-pri", "quad9-dnscrypt-ip6-nofilter-alt", "quad9-dnscrypt-ip6-nofilter-pri"},
 		},
 	}

dnscrypt-proxy/example-dnscrypt-proxy.toml

@@ -624,13 +624,16 @@ cache_neg_max_ttl = 600
 
 # Cisco servers currently cannot handle queries larger than 1472 bytes, and don't
 # truncate reponses larger than questions as expected by the DNSCrypt protocol.
+# This prevents large responses from being received over UDP and over relays.
+#
+# The `dnsdist` server software properly truncates DNSCrypt responses, but
+# introduced a change in version 1.4.0 that inadvertently broke relaying for the
+# same reason. They are aware of it and are working on a fix.
+#
+# The list below enables workarounds to make non-relayed usage more reliable
+# until the servers are fixed.
 
-# This prevents large responses from being received over UDP, and breaks relaying.
-# A workaround for the first issue will be applied to servers in list below.
-# Relaying cannot be reliable until the servers are fixed.
-# Do not change that list until the bugs are fixed server-side.
-
-fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'quad9-dnscrypt-ip4-filter-alt', 'quad9-dnscrypt-ip4-filter-pri', 'quad9-dnscrypt-ip4-nofilter-alt', 'quad9-dnscrypt-ip4-nofilter-pri', 'quad9-dnscrypt-ip6-filter-alt', 'quad9-dnscrypt-ip6-filter-pri', 'quad9-dnscrypt-ip6-nofilter-alt', 'quad9-dnscrypt-ip6-nofilter-pri']
+fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'quad9-dnscrypt-ip4-filter-alt', 'quad9-dnscrypt-ip4-filter-pri', 'quad9-dnscrypt-ip4-nofilter-alt', 'quad9-dnscrypt-ip4-nofilter-pri', 'quad9-dnscrypt-ip6-filter-alt', 'quad9-dnscrypt-ip6-filter-pri', 'quad9-dnscrypt-ip6-nofilter-alt', 'quad9-dnscrypt-ip6-nofilter-pri', 'qualityology.com', 'freetsa.org', 'ffmuc.net', 'opennic-bongobow', 'sth-dnscrypt-se', 'ams-dnscrypt-nl']
 
 # Quad9 ignores the query instead of sending a truncated response when the
 # response is larger than the question.