Do exit relay dns testing via resolve commands, not begin commands
Apparently @gk is testing for dns failures at exits by doing a connect (begin) request for example.com. That will mostly work but it can fail for reasons other than dns problems -- for example, failure to route to the example.com website, or an exit policy that would refuse to reach example.com.
That's part of why we built the 'resolve' command. It's designed to be used with dnsport or with torsocks, and the idea is that it separates the dns resolve step from the tcp connect step.
It's a bit harder to use than the normal connect approach, since you either need to induce the stream via the controlport, or you need to use our modified ("extended") socks handshake format.
That control port approach is intriguing though -- it seems that we could do all of the scanning with the control port and the .exit notation, and now we don't need to do any socks requests or parse any socks answers!
(I also don't think we're as creative about producing error details in 'resolved' commands as we could be, so if there is some piece of feedback that we're missing that we want, let's change Tor to include it!)