Clarification, a warning, and another way to disable ISP DNS

hugepants 2020-07-02 21:52:13 +01:00
parent 2d5d7ef226
commit 3a15cdd2f9

@ -165,13 +165,15 @@ Edit `/etc/sysupgrade.conf` to add files to be included in backups.
### Prevent DNS leaks outside of `dnscrypt-proxy` and disable `dnsmasq` cache
**Warning:** Before attempting the following, ensure that you have `dnscrypt-proxy` running and resolving DNS queries correctly because the following settings will disable the ISP's DNS.
Edit `/etc/config/dhcp`:
```text
config dnsmasq
# Ignore ISP's DNS:
# Ignore ISP's DNS by not reading upstream servers from /etc/resolv.conf
option noresolv '1'
# Change /etc/resolv.conf to direct local router processes to use local dnsmasq:
# Ensures that /etc/resolv.conf directs local system processes to use dnsmasq and hence dnscrypt-proxy
option localuse '1'
# Don't forward RFC 1918 private addresses and RFC 6761 top level domains
option boguspriv '1'
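Review bot: the warning that opens this hunk tells the reader to verify `dnscrypt-proxy` first but gives no recovery path, and once `option noresolv '1'` is in place the router itself has no upstream resolver if `dnscrypt-proxy` stops, which also breaks the `opkg update` step shown further down. Suggest one sentence after the warning along the lines of: "To recover, set `option noresolv '0'` (or comment it out) in `/etc/config/dhcp` and run `/etc/init.d/dnsmasq restart`." The reworded comments for `noresolv` and `localuse` are an improvement over the old ones, since they now say what each option actually does rather than just restating its goal.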
@ -188,10 +190,15 @@ logread -l 100 | grep dnsmasq
```sh
opkg update; opkg upgrade dnsmasq
```
### Optional: Completely disable ISP's DNS servers
For the perfectionists, add this option to `/etc/config/network` to prevent the ISP's DNS servers from being used anywhere:
```sh
config interface 'wan' # or 'wan6'
option peerdns '0'
```
### Prevent DNS queries to other local zones
In order to prevent leakage of queries from [these local zones](https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/plugin_block_undelegated.go) (such as `168.192.in-addr.arpa`) to upstream resolvers, ensure that you're running version 2.0.36 or later with this line present (it is now enabled by default in `dnscrypt-proxy.toml`):
```toml
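Review bot: the `# or 'wan6'` trailing comment on `config interface 'wan'` should be a separate line and should read "and", not "or": on a dual-stack WAN the IPv6 interface receives its own DNS servers from the ISP, so to meet this section's stated goal ("prevent the ISP's DNS servers from being used anywhere") `option peerdns '0'` has to be set under both `config interface 'wan'` and `config interface 'wan6'`. Suggest also noting that the change only takes effect after the interfaces are reloaded (`ifup wan`, `ifup wan6`), and tagging this fence `text` like the `/etc/config/dhcp` block in the previous hunk rather than `sh`, since it is UCI configuration and not shell.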