I'm trying to help someone configure a MS 2008 DNS Server, that it doesn't answer DNS queries from the root zone as well as only answers queries with the recursive bit set from the lan it's connected to. Those two measurements are meant to avoid using the server as DDoS-Bounce server as well as cache snooping.
I couldn't find anything to it so far (only to bind), but it might be also me using the wrong words while searching.
Looking forward to your answers!