I think you can do it with a policy. Look at these powershell commands, there are a lot of possbilities:
https://docs.microsoft.com/en-us/powershell/module/dnsserver/add-dnsserverqueryresolutionpolicy?view=windowsserver2019-ps
 
Greetings Michael
 
 


On 01.11.2021 14:37, Benoît Panizzon wrote:

Dear Community

We have a customer who operates hosting and uses a Windows Server 2019
as DNS for his hosting customers and for which we occasionally receive
complaints about this being an open resolver prone to DNS amplification
attacks.

Customers requirements:

* DNS reachable from the Internet, for the domains he is authoritative
  for.
* DNS recursion available for hosting customers in his IP range.

He tells me, that he can only switch recursion on and off completely,
but not restrict the ip ranges for which is shall be available.

My quick search via Google, also only revealed how to turn recursion
off completely on a Windows Server 2019.

Hopefully some Microsoft Guru on this list, can tell, how to restrict
recursive access to certain IP ranges?

-- 
Mit freundlichen Grüssen

-Benoît Panizzon- @ HomeOffice und normal erreichbar