dnsmasq is a light weight DNS cache and DHCP server, and it is small and easy to configure. You can use dnsmasq to speed up DNS lookup and block ISP's advertisements.

DNSCrypt is a protocol that authenticates communications between a DNS client and a DNS resolver. dnscrypt-proxy is a fast DNS proxy client which can use DNSCrypt to make DNS query secure.

Install dnsmasq and dnscrypt-proxy

apt-get install dnsmasq dnscrypt-proxy

Change configuration

Change dnscrypt-proxy port to 5353
vi /etc/dnscrypt-proxy/dnscrypt-proxy.conf

Daemonize yes
LocalAddress 127.0.0.1:5353

Use ISP's DNS to parse most of the domains, and use dnscrypt-proxy to parse poisoned domains.
vi /etc/dnsmasq.conf

no-resolv
no-poll
server=114.114.114.114

cd /etc/dnsmasq.d

Add adblock list

wget https://mirror.scorpwill.com/dnsmasq.d/bogus-nxdomain.china.conf
wget https://mirror.scorpwill.com/dnsmasq.d/adblock.conf

Request gfwlist domains by dnscrypt-proxy
wget https://mirror.scorpwill.com/dnsmasq.d/gfwlist_noipset.conf

Restart services

service dnscrypt-proxy restart
service dnsmasq restart

Test DNS service
dig @localhost google.com