All traffic from Whonix-Workstation and Whonix-Gateway is routed over Tor.    
- Since Whonix 0.2.1 also the Whonix-Gateway traffic is routed over Tor. This prevents telling the world that the user is a Whonix user.
- To preserve anonymity of activities the user is doing inside Whonix-Workstation, it would not be required to torify Whonix-Gateway's own traffic.
- For your interest: if you were to change DNS settings on Whonix-Gateway in Stream Isolation). , this would only affect Whonix-Gateways's own DNS requests issued by applications using the system's default DNS resolver. Actually, by default, no applications issuing network traffic on Whonix-Gateway use the system's default DNS resolver. All applications installed by default on Whonix-Gateway issuing network traffic (apt-get, whonixcheck, timesync) are explicitly configured (or forced by uwt wrappers) to use their own Tor SocksPort (see
- Whonix-Workstation's default applications are configured to use separate Tor SocksPort's (see Stream Isolation), thus not using the system's default DNS resolver. Any applications on Whonix-Workstation, not configured for stream isolation (for example ), will use the default DNS server configured in Whonix-Workstation in , which is Whonix-Gateway. Those DNS requests will be redirected to Tor's DnsPort by Whonix-Gateway's firewall. (Therefore Whonix-Gateway's does not affect Whonix-Workstation's DNS requests.