No reason to panic, lets just investigate. There have been leaks in the past but I'm not aware of any right now; doesn't mean there aren't any. Are the DNS servers your host is using any of those IPs? do those IPs get mentioned at all in your debug.log?
My Bitcoin 0.11.2 keeps trying to bypass Tor. To answer Gregory's questions:
- my DNS servers are not using this IPs
- yes, these IPs are mentioned in my debug.log, which says "failed: Host is down" because I keep blocking this connections with my reverse firewall
Today I allowed one of such connections and captured it with Wireshark. Any specific info you would like me to post to try to understand why Bitcoin Core is bypassing Tor?
Are you connecting to clearnet nodes over Tor? In some cases Tor assigns an internal IP to a hidden service to allow for proper DNS resolution etc, maybe you are connecting to clearnet nodes, and whenever your client tries to connect to a hidden service, Tor assigns it an internal IP, which is then blocked by your firewall.
Do you have onlynet=tor in your config? this will force you to only connect to hidden services.
I don't have "onlynet=tor" in my config; I just configured the SOCKS5 proxy on the Network settings in the Preferences of Core.