Detect misbehaving OpenDNS resolvers
The network health team is doing a lot of different scanning recently, and they have found a few exit nodes using the OpenDNS resolver to look up DNS requests for Tor clients.
OpenDNS is known for doing various naughty things to DNS responses, such as sending people to their advertisement pages and whatnot.
Tor already has a subsystem for detecting some of this (NX domain hijacking) and for checking whether some known DNS lookups don't resolve properly (google, yahoo, and a few others).
@arma mentioned the following way of detecting this on IRC:
241120 22:45:14 + armadev: ADDRMAP b187399e2708155968a8375b83042767f69f21f0: share.riseup.net = 220.127.116.11
241120 22:45:14 + armadev: ADDRMAP dadcad37de5e22e7e1f323927260155eab3689c2: share.riseup.net = 18.104.22.168
241120 22:45:14 + armadev: ADDRMAP 2f64ea527c4aa6f99e261318dd1ff127828e2525: share.riseup.net = 22.214.171.124
241120 22:45:30 + armadev: $ host 126.96.36.199
241120 22:45:30 + armadev: 188.8.131.52.in-addr.arpa domain name pointer hit-phish.opendns.com.
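
The check in the log above (take the address an exit returned for a hostname, reverse-resolve it, and see whether the PTR name is under opendns.com) can be scripted as below. This is an added example, not code from the issue or from Tor. The function names, the injectable ptr_lookup parameter and the sample fingerprints, hostnames and addresses are assumptions constructed for illustration.

```python
import re
import socket

# Line format as quoted in the IRC log: "ADDRMAP <exit fingerprint>: <hostname> = <address>"
ADDRMAP_RE = re.compile(r"ADDRMAP ([0-9a-fA-F]{40}): (\S+) = (\S+)")
PTR_SUFFIX = ".opendns.com"  # the PTR name in the log was hit-phish.opendns.com

def parse_addrmap(lines):
    """Yield (fingerprint, hostname, address) for each ADDRMAP line; skip other lines."""
    for line in lines:
        m = ADDRMAP_RE.search(line)
        if m:
            yield m.group(1).lower(), m.group(2), m.group(3)

def system_ptr(address):
    """Reverse-resolve with the local resolver; None when there is no PTR record."""
    try:
        return socket.gethostbyaddr(address)[0]
    except OSError:  # covers socket.herror and socket.gaierror
        return None

def flag_exits(lines, ptr_lookup=system_ptr):
    """Return {fingerprint: [(hostname, address, ptr), ...]} for answers whose PTR is under opendns.com."""
    flagged, cache = {}, {}
    for fp, host, addr in parse_addrmap(lines):
        if addr not in cache:  # one reverse lookup per distinct address
            cache[addr] = ptr_lookup(addr)
        ptr = (cache[addr] or "").rstrip(".").lower()
        # Compare on a label boundary so "notopendns.com" does not match.
        if ptr == PTR_SUFFIX[1:] or ptr.endswith(PTR_SUFFIX):
            flagged.setdefault(fp, []).append((host, addr, ptr))
    return flagged

# Constructed sample data: fingerprints are made up, addresses are documentation ranges.
SAMPLE_LOG = [
    "241120 22:45:14 + scanner: ADDRMAP " + "aa" * 20 + ": example.com = 192.0.2.10",
    "241120 22:45:14 + scanner: ADDRMAP " + "bb" * 20 + ": example.com = 198.51.100.7",
    "241120 22:45:15 + scanner: ADDRMAP " + "cc" * 20 + ": example.com = 203.0.113.5",
    "241120 22:45:30 + scanner: unrelated chatter",
]
SAMPLE_PTR = {
    "192.0.2.10": "hit-phish.opendns.com.",
    "198.51.100.7": "www.example.com.",
    "203.0.113.5": "host.notopendns.com.",
}

if __name__ == "__main__":
    for fp, hits in flag_exits(SAMPLE_LOG, SAMPLE_PTR.get).items():
        print(fp, hits)
```

Calling flag_exits without a second argument uses the local resolver for the reverse lookups, so the result then depends on the PTR records being published and on that resolver being trustworthy.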