Some time ago, I’ve setup internal (AD based) DNS and external DNS for our domain. Now, when you do domain checkup with BIND tools, you will usualy get DNS version. For my external DNS it reported it was Windows server DNS. Now, for that problem (security issues), I found a solution on: http://www.admin-enclave.com/en/solutions/windows/146-hide-microsoft-dns-software-version.html
I is pretty simple, over CMD or over REGEDIT;
dnscmd /config /EnableVersionQuery 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DNS\Parameters\EnableVersionQuery to 0
More on the subject:
https://msdn.microsoft.com/en-us/library/cc422472.aspx
Good Luck
