Indiscriminate fallback to system-/bootstrap-resolvers in case of error/interference/disruption? #3166
Closed
cobratbq started this conversation in Potential issues
Replies: 0 comments
It seems that the normal code-path for name-resolution always falls back to system- and/or bootstrap-resolvers in case of failure when using the configured (secure) DNS-resolution.
dnscrypt-proxy/dnscrypt-proxy/xtransport.go
Line 580 in 64edfa3
This is a (virtually) silent drop of privacy and confidentiality that, in case of DNSCrypt, would be trivial to detect and abuse.
Am I reading this wrong? (Case err is non-nil.)
edit: I created #3165 by referencing a code-line in a new issue, but now GitHub is annoyed :-P
edit: the documentation implies that the bootstrap-resolvers are only used to acquire sufficient information to set up a connection with the secure DNS resolvers, whether DNSCrypt or DoH. It seems that this is currently not the case.
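The distinction the post draws, between falling back to the bootstrap resolvers for any name and using them only to locate the secure resolver itself, shown as an added Go example. It is not dnscrypt-proxy code; every type, field, hostname and address in it is hypothetical or constructed, and the lookup functions do no network I/O.

```go
package main

import (
	"errors"
	"fmt"
)

// LookupFunc is a hypothetical stand-in for one resolver path (no network I/O here).
type LookupFunc func(name string) (string, error)

// ErrSecureFailed marks a query that was refused rather than downgraded.
var ErrSecureFailed = errors.New("secure resolution failed")

// Resolver is hypothetical: Secure is the encrypted path (DNSCrypt/DoH), Bootstrap the
// plaintext path, ResolverHosts the hostnames of the secure resolvers themselves.
type Resolver struct {
	Secure, Bootstrap LookupFunc
	ResolverHosts     map[string]bool
	FailOpen          bool // true = fall back for any name (the behaviour the post questions)
}

// Resolve returns the address, the path that answered ("secure" or "bootstrap"), and an error.
func (r *Resolver) Resolve(name string) (addr, path string, err error) {
	if addr, err = r.Secure(name); err == nil {
		return addr, "secure", nil
	}
	// Fail closed: plaintext is allowed only to locate a secure resolver.
	if !r.FailOpen && !r.ResolverHosts[name] {
		return "", "", fmt.Errorf("%w: %q not sent to bootstrap: %v", ErrSecureFailed, name, err)
	}
	if addr, err = r.Bootstrap(name); err != nil {
		return "", "", err
	}
	return addr, "bootstrap", nil
}

// demo builds a resolver whose secure path is always disrupted (constructed data).
func demo(failOpen bool) *Resolver {
	return &Resolver{
		Secure:        func(string) (string, error) { return "", errors.New("timeout") },
		Bootstrap:     func(string) (string, error) { return "192.0.2.53", nil },
		ResolverHosts: map[string]bool{"doh.example.net": true},
		FailOpen:      failOpen,
	}
}

func main() {
	for _, open := range []bool{true, false} {
		addr, path, err := demo(open).Resolve("private.example.org")
		fmt.Printf("failOpen=%v -> addr=%q path=%q err=%v\n", open, addr, path, err)
	}
}
```

Returning the answering path alongside the address lets a caller log or alert on every plaintext lookup instead of having the downgrade happen silently.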