We've made some changes to the way we present Tor exit lists. The Tor Exit List service maintains lists of IP addresses used by all exit relays in the Tor network. Service providers may find it useful to know if users are coming from the Tor network, as they may wish to provide their users with an onion service. Tor Project also uses this information to help maintain a healthy network and to perform troubleshooting.

Exit lists are provided through three interfaces: raw measurement results are archived by CollecTor, a text file containing all exit addresses is available for download to query locally, and finally, we provide a DNS exit list service to allow services to perform real-time lookups. The DNS system is described below.

Changes to the DNS-based system

The DNS-based system for looking up whether a client is connecting through Tor has been replaced with a brand-new service featuring a simplified lookup mechanism. The new system is up and running and behaves closer to a typical DNS-based list service, and so it may be easier to integrate without requiring custom code implementation. Operators currently using this need to switch from the old system which will be retired on the 1st of April.

If a client IP address is a Tor exit relay, the new service will return an A record of 127.0.0.2. You'll also be able to look up a TXT record with the fingerprint of the relay to learn more about the individual relay.

Changes to the bulk exit list

As was the case previously, https://check.torproject.org/torbulkexitlist still provides a bulk list of IP addresses, with a simplified interface - queries of the exit list based on exit policy are no longer permitted. If we have observed an exit relay using an IP address through our active measurements, this will be listed as an exit relay in the new service regardless of the exit policy and will be returned in the bulk list of IP addresses regardless of the query made.

The full details about the changes can be found in this post to the tor-project mailing list.