But I guess you should apply similar ban to the Teredo well-known prefix 2001::/32, as there are also untrusted third-party gateways. Anyway, due to ephemeral nature of Teredo addresses, there would be virtually zero of then the public DNS, I guess.
That ban already exists See line 132 of the
bdns
privateV6Networks
map.