
Well, actually I know that the risk is that somebody from an external network could access IPs and hostnames of the machines on a local network, but I am struggling to understand if this is it or if there is something else.

If the devices on the local network are all behind NAT, what would an attacker do with just a simple list of local IPs and hostnames?

user1301428
  • What are you trying to accomplish? – Apr 21 '14 at 14:27
  • @edvinas.me a) What do you mean? b) Does it matter? I have a DNS server and I was wondering what the security risks would be after enabling port forwarding on port 53. This is a purely theoretical question, so there is nothing to accomplish here. – user1301428 Apr 21 '14 at 17:38

1 Answer


It's all about recon. The more an attacker can map your network, the better off they are. This can be especially sensitive if you have static IPs that don't move around.

DNS servers, given you do not separate out recursive services from SOA (given you have any), can be used for various attacks that will affect hosts on your network such as cache poisoning.

Not to mention that by opening up your DNS server with little config tweaking (rate-limiting, ACLs, etc.), you are opening yourself up for DNS Amplification and Reflection attacks similar to what is being seen with NTP lately. Examples and explanations of the NTP reflection can be found here: https://isc.sans.edu/diary/NTP+reflection+attacks+continue/17654

If you would like to know how to best secure your DNS server, I point you to the following document that the NSA published on securing the DNS architecture. All NSA jokes aside, this is some very good information that falls in line with industry best practices. The document can be found here: http://www.nsa.gov/ia/_files/vtechrep/I733-004R-2010.pdf

PTW-105
  • Thanks for the answer and for the extra links, very useful! – user1301428 Apr 21 '14 at 17:40
  • @user1301428 - No problem. Just trying to pitch a few tidbits of info. At one of the companies I've worked for, we endured a few of those DNS amplification attacks. I was almost certain they were also reflection attacks, but since it primarily took us down, I always notated it as an amplification attack. – PTW-105 Apr 21 '14 at 17:44
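
The rate-limiting and ACL tweaks named in the answer above, modelled as an added example (not part of the original answer and not any DNS server's own code): it shows how a recursion ACL plus a per-network response budget bounds what a port-forwarded server can be made to send toward a spoofed source. The trusted network, the budget, the `/24` grouping and the sample traffic are assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed values for illustration only; none come from the original post.
TRUSTED_NETS = [ipaddress.ip_network("192.168.1.0/24")]  # hypothetical LAN
RESPONSES_PER_SECOND = 5   # response budget per client network
CLIENT_PREFIX = 24         # group clients by /24 when counting responses


class DnsPolicy:
    """Models the ACL and rate-limit decisions of a port-forwarded DNS server."""

    def __init__(self):
        self._sent = defaultdict(int)  # (client network, second) -> responses sent

    def decide(self, src_ip, recursion_desired, now):
        src = ipaddress.ip_address(src_ip)
        trusted = any(src in net for net in TRUSTED_NETS)
        # ACL: only LAN clients may use the recursive resolver and its cache.
        # Outsiders get a short refusal instead of a full recursive answer.
        if recursion_desired and not trusted:
            return "refuse"
        if trusted:
            return "answer"
        # Rate limit: a UDP source address can be spoofed, so cap how many
        # full answers any one client network is sent per second.
        net = ipaddress.ip_network(f"{src}/{CLIENT_PREFIX}", strict=False)
        key = (net, int(now))
        if self._sent[key] >= RESPONSES_PER_SECOND:
            return "drop"
        self._sent[key] += 1
        return "answer"


def reflected_bytes(policy, queries, response_size):
    """Bytes of full answers the server would send toward the query sources."""
    return sum(response_size for q in queries if policy.decide(*q) == "answer")


# Constructed sample: 100 non-recursive queries within one second, all claiming
# to come from the same documentation-range address (the reflection target).
FLOOD = [("203.0.113.7", False, 10.0 + i / 1000) for i in range(100)]

if __name__ == "__main__":
    print("bytes sent with limits:", reflected_bytes(DnsPolicy(), FLOOD, 3000))
    print("bytes sent without limits:", len(FLOOD) * 3000)
```
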