dnsmasq is a light weight DNS cache and DHCP server, and it is small and easy to configure. You can use dnsmasq to speed up DNS lookup and block ISP's advertisements.
DNSCrypt is a protocol that authenticates communications between a DNS client and a DNS resolver. dnscrypt-proxy is a fast DNS proxy client which can use DNSCrypt to make DNS query secure.
Install dnsmasq and dnscrypt-proxy
apt-get install dnsmasq dnscrypt-proxy
Change dnscrypt-proxy port to 5353
Daemonize yes LocalAddress 127.0.0.1:5353
Use ISP's DNS to parse most of the domains, and use dnscrypt-proxy to parse poisoned domains.
no-resolv no-poll server=220.127.116.11
Add adblock list
wget https://mirror.scorpwill.com/dnsmasq.d/bogus-nxdomain.china.conf wget https://mirror.scorpwill.com/dnsmasq.d/adblock.conf
Request gfwlist domains by dnscrypt-proxy
service dnscrypt-proxy restart service dnsmasq restart
Test DNS service
dig @localhost google.com