diff --git a/changes/bug6203 b/changes/bug6203
new file mode 100644
index 0000000000..bf967535b8
--- /dev/null
+++ b/changes/bug6203
@@ -0,0 +1,5 @@
+  o Minor bugfixes:
+    - Disable a spurious warning about reading on a marked and flushing
+      connection. We shouldn't be doing that, but apparently we
+      sometimes do. Fix for bug 6203; bugfix on 0.2.3.17-beta.
+
diff --git a/changes/bug6211 b/changes/bug6211
new file mode 100644
index 0000000000..2c8d9b8e70
--- /dev/null
+++ b/changes/bug6211
@@ -0,0 +1,4 @@
+  o Minor bugfixes:
+    - Fix a bug that stopped AllowDotExit from working on addresses
+      that had an entry in the DNS cache. Fixes bug 6211; bugfix on
+      0.2.3.17-beta.
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index 210c2e03c6..98920781a2 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -1100,8 +1100,8 @@ addressmap_match_superdomains(char *address)
  * address starts out as a non-exit address, and we remap it to an .exit
  * address at any point, then set *<b>exit_source_out</b> to the
  * address_entry_source_t of the first such rule.  Set *<b>exit_source_out</b>
- * to ADDRMAPSRC_NONE if there is no such rewrite.
- *
+ * to ADDRMAPSRC_NONE if there is no such rewrite, or if the original address
+ * was a .exit.
  */
 int
 addressmap_rewrite(char *address, size_t maxlen, time_t *expires_out,
@@ -1111,10 +1111,12 @@ addressmap_rewrite(char *address, size_t maxlen, time_t *expires_out,
   int rewrites;
   time_t expires = TIME_MAX;
   addressmap_entry_source_t exit_source = ADDRMAPSRC_NONE;
+  char *addr_orig = tor_strdup(address);
+  char *log_addr_orig = NULL;
 
   for (rewrites = 0; rewrites < 16; rewrites++) {
     int exact_match = 0;
-    char *addr_orig = tor_strdup(escaped_safe_str_client(address));
+    log_addr_orig = tor_strdup(escaped_safe_str_client(address));
 
     ent = strmap_get(addressmap, address);
 
@@ -1125,7 +1127,6 @@ addressmap_rewrite(char *address, size_t maxlen, time_t *expires_out,
           !strcasecmp(address, ent->new_address)) {
         /* This is a rule like *.example.com example.com, and we just got
          * "example.com" */
-        tor_free(addr_orig);
         goto done;
       }
 
@@ -1133,7 +1134,6 @@ addressmap_rewrite(char *address, size_t maxlen, time_t *expires_out,
     }
 
     if (!ent || !ent->new_address) {
-      tor_free(addr_orig);
       goto done;
     }
 
@@ -1151,10 +1151,11 @@ addressmap_rewrite(char *address, size_t maxlen, time_t *expires_out,
     }
 
     log_info(LD_APP, "Addressmap: rewriting %s to %s",
-             addr_orig, escaped_safe_str_client(address));
+             log_addr_orig, escaped_safe_str_client(address));
     if (ent->expires > 1 && ent->expires < expires)
       expires = ent->expires;
-    tor_free(addr_orig);
+
+    tor_free(log_addr_orig);
   }
   log_warn(LD_CONFIG,
            "Loop detected: we've rewritten %s 16 times! Using it as-is.",
@@ -1162,6 +1163,8 @@ addressmap_rewrite(char *address, size_t maxlen, time_t *expires_out,
   /* it's fine to rewrite a rewrite, but don't loop forever */
 
  done:
+  tor_free(addr_orig);
+  tor_free(log_addr_orig);
   if (exit_source_out)
     *exit_source_out = exit_source;
   if (expires_out)
diff --git a/src/or/main.c b/src/or/main.c
index f8740d7b2f..1f3117b230 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -848,7 +848,10 @@ conn_close_if_marked(int i)
                            "Holding conn (fd %d) open for more flushing.",
                            (int)conn->s));
         conn->timestamp_lastwritten = now; /* reset so we can flush more */
-      } else if (sz == 0) { /* retval is also 0 */
+      } else if (sz == 0) {
+        /* Also, retval==0.  If we get here, we didn't want to write anything
+         * (because of rate-limiting) and we didn't. */
+
         /* Connection must flush before closing, but it's being rate-limited.
          * Let's remove from Libevent, and mark it as blocked on bandwidth
          * so it will be re-added on next token bucket refill. Prevents
@@ -860,6 +863,13 @@ conn_close_if_marked(int i)
           connection_stop_writing(conn);
         }
         if (connection_is_reading(conn)) {
+          /* XXXX024 We should make this code unreachable; if a connection is
+           * marked for close and flushing, there is no point in reading to it
+           * at all. Further, checking at this point is a bit of a hack: it
+           * would make much more sense to react in
+           * connection_handle_read_impl, or to just stop reading in
+           * mark_and_flush */
+#if 0
 #define MARKED_READING_RATE 180
           static ratelim_t marked_read_lim = RATELIM_INIT(MARKED_READING_RATE);
           char *m;
@@ -870,6 +880,7 @@ conn_close_if_marked(int i)
                      conn_state_to_string(conn->type, conn->state), m);
             tor_free(m);
           }
+#endif
           conn->read_blocked_on_bw = 1;
           connection_stop_reading(conn);
         }