DNSCrypt ignore_system_dns

According to DNSCrypt Wiki:

Always use the bootstrap resolver before the system DNS settings.

Thus, this means that DNSCrypt will not use system DNS for internal needs. In any case, DNSCrypt never uses the bootstrap resolver or system DNS to resolve applications DNS queries.

Modern browsers are preconfigured to use DNS over HTTPS. In most cases, even disabling the corresponding option in the browser settings means only automatic mode, and not a complete disabling. This means that the browser can use DOH servers at any time, which could cause a DNS leak as InviZible cannot intercept encrypted DNS queries. In most cases, browsers are pre-configured to use Google DNS.

To prevent DNS leaks, disable secure DNS in your browser settings when using InviZible. InviZible blocks the Google DNS and DNSCrypt bootstrap resolver for use directly by applications when DNSCrypt ignore_system_dns is enabled. In this case, a DNS leak will be prevented.

Since Android 9, it is allowed to configure Private DNS in Android settings. It uses DNS over TLS to encrypt DNS queries for the entire device. But this feature interferes with InviZible and should be OFF when InviZible is running. On some devices, it is not possible to completely disable this feature. Therefore, when you enable ignore_system_dns, InviZible blocks port 853, which is used for DOT.