If you run a DNS server on a VPS or a dedicated server, you must take precautions to protect it from DoS (Denial of Service) and DDoS (Distributed Denial of Service) attacks. These attacks work by sending a huge volume of fake queries to your DNS server, which degrades the server's performance. To overcome this problem, take the following actions on your server.
1. Disable DNS recursion on your server.
This is easily done from the command prompt. Open cmd on your server and type the following command. A value of 1 turns recursion off, and a value of 0 turns it back on.
dnscmd /Config /NoRecursion 1
If you prefer the Windows interface, open DNS Manager, right-click the server and choose Properties. On the Advanced tab, under Server options, there is a check box to disable DNS recursion.
2. Block external DNS requests using the built-in Windows Firewall.
Open Windows Firewall with Advanced Security on your Windows server and click Inbound Rules. Look for the DNS TCP rule, right-click it and click Properties. On the Scope tab, go to the Remote IP address section and enter the IP addresses that are allowed to access the DNS server. Usually this is the local IP address, 127.0.0.1, plus any public IP address that is assigned to your server. Note: it is important to add the public IP address. If the server has an internal IP address, remember to add it as well. Once this is done, do the same for the DNS UDP rule.
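Both steps above can also be applied and verified from PowerShell. The script below is an added example, not part of the original article. It assumes Windows Server 2012 R2 or later with the DnsServer and NetSecurity modules, uses 203.0.113.10 and 10.0.0.5 as placeholders for the server's own public and internal addresses, and finds the DNS rules by local port 53 instead of by name.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article.
# Assumption: 203.0.113.10 (public) and 10.0.0.5 (internal) are placeholders;
# replace them with the addresses assigned to this server.
$AllowedAddresses = @('127.0.0.1', '203.0.113.10', '10.0.0.5')

# Step 1: disable recursion (equivalent to: dnscmd /Config /NoRecursion 1),
# then read the setting back to confirm it took effect.
Import-Module DnsServer
Set-DnsServerRecursion -Enable $false
if ((Get-DnsServerRecursion).Enable) {
    throw 'DNS recursion is still enabled.'
}

# Step 2: collect the enabled inbound allow rules whose local port is 53.
# Rules are matched by port, not display name, so localized or custom rule
# names are covered. Rules using "Any" or a port range are not matched here.
$dnsRules = foreach ($protocol in 'TCP', 'UDP') {
    Get-NetFirewallPortFilter -Protocol $protocol |
        Where-Object { $_.LocalPort -contains '53' } |
        Get-NetFirewallRule |
        Where-Object {
            $_.Direction -eq 'Inbound' -and
            $_.Action -eq 'Allow' -and
            $_.Enabled -eq 'True'
        }
}
if (-not $dnsRules) {
    throw 'No enabled inbound allow rule for port 53 was found.'
}

# Restrict the Remote IP address scope of each rule to the allowed list.
$dnsRules | Set-NetFirewallRule -RemoteAddress $AllowedAddresses

# Report the resulting scope so the change can be reviewed.
foreach ($rule in $dnsRules) {
    $filter = Get-NetFirewallRule -Name $rule.Name | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        RemoteAddress = $filter.RemoteAddress -join ', '
    }
}
```

Run it from an elevated PowerShell session on the DNS server. If the server is authoritative for public zones, this scope also stops outside resolvers from querying those zones.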