diff --git a/ChangeLog b/ChangeLog
index a51a3e35f61ca950b26958182b81b3f56c83327a..e603e16649e16d5d9ef1a93f272f855ba8da14b7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -106,6 +106,8 @@ Changes in version 0.1.2.2-alpha - 2006-10-??
     - Make eventdns give strings for DNS errors, not just error numbers.
     - Be prepared in case we ever have a network with more than 2GB per
       second total advertised capacity.
+    - Make TrackExitHosts case-insensitive, and fix the behavior of .suffix
+      TrackExitHosts items to avoid matching in the middle of an address.
 
   o Documentation
     - Documented (and renamed) ServerDNSSearchDomains and
diff --git a/src/or/circuituse.c b/src/or/circuituse.c
index 4ccd4c1be17153dc1203da57b68767afd7055b0f..092208b637d9664d71b7d929de8b255bdcea70e7 100644
--- a/src/or/circuituse.c
+++ b/src/or/circuituse.c
@@ -1120,14 +1120,13 @@ consider_recording_trackhost(edge_connection_t *conn, origin_circuit_t *circ)
 
   SMARTLIST_FOREACH(options->TrackHostExits, const char *, cp, {
     if (cp[0] == '.') { /* match end */
-      /* XXX strstr is probably really bad here. */
-      if ((str = strstr(conn->socks_request->address, &cp[1]))) {
+      if (!strcasecmpend(conn->socks_request->address, cp)) {
         if (str == conn->socks_request->address
           || strcmp(str, &cp[1]) == 0) {
           found_needle = 1;
         }
       }
-    } else if (strcmp(cp, conn->socks_request->address) == 0) {
+    } else if (strcasecmp(cp, conn->socks_request->address) == 0) {
       found_needle = 1;
     }
   });