ExitPolicies might interfere with the domains used for testing DNS issues
ExitPolicies are quite flexible and we should think about ways how we can guard against false positives during our DNS testing. E.g. right now we use http://example.com but it is legit that an exit relay has the respective IP address in their reject rules, so that we get a TTL-expired-error back in that case, too. Even, though everything else works as expected.
(This is not a theoretical issue but happens with relays in the wild)