When not an exit node, don't test for DNS hijacking.

Back in 5e762e6a5c0e6729bb7dbb586af2690c087d9ba8, non-exit servers
stopped launching DNS requests for users.  So there's no need for them
to see if their DNS answers are hijacked.

Patch from Matt Pagan.  I think this is a 965 fix.

2 files changed, 11 insertions, 3 deletions

diff --git a/changes/bug965 b/changes/bug965
new file mode 100644
index 0000000000..d0870d0384
--- /dev/null
+++ b/changes/bug965
@@ -0,0 +1,6 @@
+  o Minor bugfixes:
+
+    - Non-exit servers no longer launch mock DNS requests to check for
+      DNS hijacking.  This has been unnecessary since 0.2.1.7-alpha,
+      when non-exit servers stopped servicing DNS requests. Fixes bug
+      965; bugfix on 0.2.1.7-alpha. Patch from Matt Pagan.
diff --git a/src/or/main.c b/src/or/main.c
index a191d1c61b..5404e962cd 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -1551,10 +1551,12 @@ run_scheduled_events(time_t now)
   channel_run_cleanup();
   channel_listener_run_cleanup();
 
-  /** 9. and if we're a server, check whether our DNS is telling stories to
-   * us. */
+  /** 9. and if we're an exit node, check whether our DNS is telling stories
+   * to us. */
   if (!net_is_disabled() &&
-      public_server_mode(options) && time_to_check_for_correct_dns < now) {
+      public_server_mode(options) &&
+      time_to_check_for_correct_dns < now &&
+      ! router_my_exit_policy_is_reject_star()) {
     if (!time_to_check_for_correct_dns) {
       time_to_check_for_correct_dns = now + 60 + crypto_rand_int(120);
     } else {