Note: If your server has a legitimate need to perform DNS recursion (for example, you have applications that need to resolve external DNS), you can alternatively disable and/or scope the local Windows Firewall rule that allows incoming DNS requests.
Windows 2003: Uncheck or remove any rules for DNS, DNS.exe or exceptions for port 53.
Windows 2008 and higher: You’ll want to disable or scope both DNS TCP and DNS UDP rules.
To disable DNS Recursion in Windows DNS:
Open DNS Manager (click Start, point to Administrative Tools, and then click DNS).
In the console tree, right-click the applicable DNS server, then click Properties.
Click the Advanced tab.
In Server options, select the Disable recursion check box.
Under the Root Hints tab, delete all root hints entries, and then click OK.
Restart the DNS service (from the Services control panel).
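The same steps can be scripted and then verified. The PowerShell below is an added example, not part of the original article. It assumes Windows Server 2012 or later with the DnsServer module and an elevated session on the DNS server itself, and it uses example.com as a constructed test name that the server is not authoritative for.

```powershell
# Added example: scripted equivalent of the DNS Manager steps, plus a check.
# Assumption: run elevated on the DNS server, DnsServer module available.
Import-Module DnsServer

# Disable recursion (the "Disable recursion" check box on the Advanced tab).
Set-DnsServerRecursion -Enable $false

# Delete all root hints entries (the Root Hints tab).
Get-DnsServerRootHint -ErrorAction SilentlyContinue |
    Remove-DnsServerRootHint -Force

# Restart the DNS service.
Restart-Service -Name DNS

# Check the resulting configuration after the restart.
$recursionEnabled = (Get-DnsServerRecursion).Enable
$rootHintCount    = @(Get-DnsServerRootHint -ErrorAction SilentlyContinue).Count
Write-Output "Recursion enabled: $recursionEnabled"
Write-Output "Root hints remaining: $rootHintCount"

# Check behaviour: ask this server for a name it does not host.
# A non-recursive server must not return records in the Answer section.
$testName = 'example.com'   # constructed test name, replace as needed
$answers  = @()
try {
    $answers = @(Resolve-DnsName -Name $testName -Server 127.0.0.1 -DnsOnly -ErrorAction Stop |
        Where-Object { $_.Section -eq 'Answer' })
} catch {
    # A refused or failed lookup is the expected outcome once recursion is off.
    Write-Output "Lookup of $testName failed: $($_.Exception.Message)"
}

if ($recursionEnabled -or $answers.Count -gt 0) {
    Write-Warning "Server still resolves external names; recheck the settings."
} else {
    Write-Output "Server did not resolve $testName; recursion is disabled."
}
```

Repeat the lookup from a host outside your network against the server's public address to confirm what external clients see.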
For further reading:
Why DNS Recursion should be disabled for public access:
Content retrieved from: https://support.appliedi.net/kb/a1010/how-to-disable-recursion-on-a-windows-dns-server.aspx.