disable "retry DNS on new circuit" for web content
From mikeperry's comment on ticket:5752#comment:7
isis just noted in #tor-dev that Tor retries failed DNS queries on other circuits. It appears that we do this for failed stream attempts too. I agree that's a bad property because it allows a web adversary to cause your browser to keep making new circuits until you pick one that uses its middle node.
We should ensure we disable this "retry on new circuit" behavior for content elements of a given URL bar, so that at least content elements don't get to cause you to create tons of circuits. Once a circuit can load a top-level URL correctly, it should be considered reliable enough not to abandon if a DNS or other stream times out. This might actually require a new Tor child ticket and patch, though...
It's not clear what (if anything) we should change about the initial URL bar load behavior, though. Perhaps it is safe to remain unchanged, because Tor would at least rate limit that properly before failing the page load.
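The policy change discussed above can be modelled in a few lines. This is an added example, not Tor or Tor Browser code and not part of the ticket; every type and function name is hypothetical, the event list is constructed, and the exposure figure assumes each new circuit independently picks an adversary middle with probability `f`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model types, not taken from the Tor source tree. */
typedef enum { STREAM_TOP_LEVEL, STREAM_CONTENT } stream_kind_t;
typedef struct { stream_kind_t kind; bool ok; } stream_event_t;
typedef bool (*retry_policy_fn)(bool circ_proven, stream_kind_t kind);

/* Behaviour the ticket describes: any failed stream or DNS query moves to another circuit. */
bool legacy_retry(bool circ_proven, stream_kind_t kind) {
    (void)circ_proven; (void)kind;
    return true;
}

/* Proposal: a circuit that has loaded a top-level URL is kept when a content stream fails.
 * Top-level loads are left unchanged, as the ticket suggests may be safe. */
bool proposed_retry(bool circ_proven, stream_kind_t kind) {
    return !(kind == STREAM_CONTENT && circ_proven);
}

/* Number of circuits built while replaying the events under a given policy. */
int circuits_built(const stream_event_t *ev, size_t n, retry_policy_fn retry) {
    bool proven = false;   /* has the current circuit loaded a top-level URL? */
    int built = 1;         /* the circuit the page load started on */
    for (size_t i = 0; i < n; i++) {
        if (ev[i].ok) {
            if (ev[i].kind == STREAM_TOP_LEVEL) proven = true;
        } else if (retry(proven, ev[i].kind)) {
            built++;
            proven = false; /* the replacement circuit has proven nothing yet */
        }
    }
    return built;
}

/* Chance that at least one of `built` circuits used an adversary middle (assumed model). */
double middle_exposure(double f, int built) {
    double miss = 1.0;
    for (int i = 0; i < built; i++) miss *= 1.0 - f;
    return 1.0 - miss;
}

/* Constructed sample: the page loads, then five content elements time out. */
const stream_event_t SAMPLE[] = {
    { STREAM_TOP_LEVEL, true }, { STREAM_CONTENT, false }, { STREAM_CONTENT, false },
    { STREAM_CONTENT, false },  { STREAM_CONTENT, false }, { STREAM_CONTENT, false },
    { STREAM_CONTENT, true },
};
#define SAMPLE_LEN (sizeof SAMPLE / sizeof SAMPLE[0])

int main(void) {
    int legacy = circuits_built(SAMPLE, SAMPLE_LEN, legacy_retry);
    int fixed = circuits_built(SAMPLE, SAMPLE_LEN, proposed_retry);
    printf("legacy: %d circuits, exposure %.4f\n", legacy, middle_exposure(0.05, legacy));
    printf("proposed: %d circuits, exposure %.4f\n", fixed, middle_exposure(0.05, fixed));
    return 0;
}
```

With the constructed sample and `f = 0.05`, the legacy policy builds six circuits where the proposed one keeps the original circuit.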