I ended up dreaming big and going a step further: instead of just pointing browsers at my remote dnscrypt-proxy DoH endpoint, I ended up wanting system-level DNS redirection back, like I did with local dnscrypt-proxy instances on Android (ads mostly) and Windows (ads and telemetry). So I navigated the world of creating a DNS stamp for my remote dnscrypt-proxy, which took a lot of fumbling as each stamp I generated would error out, until finally I got it right.
The only thing I have to do now is install a smaller/simpler dnscrypt-proxy Magisk module on Android and a simpler dnscrypt-proxy setup on Windows that both upstream to my remote instance. System-level blocking with centralised management of block lists is a wonderful thing...
I hope to wipe and recreate the server from scratch and provide an updated script to the one posted earlier soon.
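
A DoH stamp of the kind this post describes can be built and checked offline before it is pasted into a client configuration. The following is an added example, not part of the original post: it follows the public DNS stamp layout for DoH, and the function names, host name and address are constructed for illustration.

```python
import base64
import struct

DOH = 0x02  # protocol identifier byte of a DNS-over-HTTPS stamp

def _lp(data: bytes) -> bytes:  # one length byte, then the data
    if len(data) > 0xFF:
        raise ValueError("field too long for a stamp")
    return bytes([len(data)]) + data

def build_doh_stamp(hostname, path, addr="", hashes=(), props=0):
    """props bits: 1 = DNSSEC, 2 = no logs, 4 = no filtering."""
    if not path.startswith("/"):
        raise ValueError("path must be absolute, e.g. /dns-query")
    if any(len(h) != 32 for h in hashes):
        raise ValueError("each hash must be a 32-byte SHA-256 digest")
    body = bytes([DOH]) + struct.pack("<Q", props) + _lp(addr.encode())
    # Hash set: the length byte's high bit means "another entry follows";
    # an empty set is written as one zero-length entry.
    items = list(hashes) or [b""]
    for i, h in enumerate(items):
        body += bytes([len(h) | (0x80 if i < len(items) - 1 else 0)]) + h
    body += _lp(hostname.encode()) + _lp(path.encode())
    return "sdns://" + base64.urlsafe_b64encode(body).rstrip(b"=").decode()

def parse_doh_stamp(stamp):
    """Decode a DoH stamp; raise ValueError on anything malformed."""
    if not stamp.startswith("sdns://"):
        raise ValueError("missing sdns:// prefix")
    b64 = stamp[len("sdns://"):]
    raw = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    if len(raw) < 9 or raw[0] != DOH:
        raise ValueError("not a DoH stamp")
    pos = 9  # skip the protocol byte and the 8-byte little-endian props
    def take(mask=0xFF):  # read one length-prefixed field at pos
        nonlocal pos
        if pos >= len(raw) or pos + 1 + (raw[pos] & mask) > len(raw):
            raise ValueError("stamp is truncated")
        n, more = raw[pos] & mask, bool(raw[pos] & 0x80 & ~mask)
        field, pos = raw[pos + 1:pos + 1 + n], pos + 1 + n
        return field, more

    addr, hashes, more = take()[0], [], True
    while more:
        h, more = take(0x7F)
        hashes += [h] if h else []
    host, path = take()[0], take()[0]
    return {"props": struct.unpack_from("<Q", raw, 1)[0], "addr": addr.decode(),
            "hashes": hashes, "hostname": host.decode(), "path": path.decode()}
```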