[tor-relays] Do nameservers ever block an entire /64 if a Tor exit is in there?

[forest-relay-contact--- via tor-relays <tor-relays@xxxxxxxxxxxxxxxxxxxx>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hello.

I'm aware that some nameservers block Tor, so running a recursive local
resolver on the same IP that traffic exits can be a bad idea. The usual
solution is to buy an extra IPv4 and bind the local resolver to it.

What about IPv6? Is it safe to simply make a new IPv6 on the same /64
and use that for recursive lookups, or are there nameservers that block
the entire /64 that a single Tor exit relay is on?

I currently use Unbound with "do-ip6: no" because I do not want to fail
lookups and receive a BadExit flag if my entire /64 is blocked.

Regards,
forest
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEvLrj6cuOL+I/KdxYBh18rEKN1gsFAmlFss8ACgkQBh18rEKN
1gugfA//UuYYhq7ATC1r3J/t5yHXB0bovAPzj519ICXGXaJ0TW86hY3PC5WzdYzk
zKvKXArhQKm2Xdu9kh2w6YfETo3xTdUnTyLlBH1T/oeMamARUw1S+Osld4goiTS2
gsRzhN7hvzHw7NqMJLV+xEZQFBVLRg0Fi2E3oOqk5dBRbd5cMzpWZ4HiMqsY3jHH
6h5RY0HLk4HqPxGzAk0KRF056hDf4PmuGZuHSYsBR8PPMS4HwF/p6772KEK/ajBG
VZr+v0Moi22dLMno+2SjkPy0rEOkRzOinOmqBLl6ajakn5lff0vR83eANTl3Vz2t
bfP4PJ8bbraMVVdUEa5VobdDD8pGTbrryiB71gWO2AwS0GVnq8JIBK8pGSMAXmfc
FNqxN/owYDSC+N3SlbOvK4YtIqbt5VKcU7nOuPzfBzm1cLMMq1NogzVN+FAdW9vr
l9WD3AnKon6REM4ZpimDOZX8/5k0WKhhPm1TWmPa7ZB9NYyzQlbxEUmIIkQIXasW
W0sVTeZ3vUwVQrUPilA8M0o8/cuWZleXs7RKNJP2T2r74olwUOw9E/afZXKxG9Hj
daA1yUeD6tnUYk/pITddKHQ2V7Qd0BdHO2DMqQ71Bkcb7vTm/Ni45/jDaScaivz0
7vdCwPkC9k/sLEHHZ1kd33fjsGddILf7azSBRameI+9tgKZdw3E=
=Z0tl
-----END PGP SIGNATURE-----
_______________________________________________
tor-relays mailing list -- tor-relays@xxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to tor-relays-leave@xxxxxxxxxxxxxxxxxxxx