A patch has been released for the security vulnerability CVE-2020-1350, which has a 10 out of 10 on the CVSS scale and affects all Windows DNS servers from 2003 to 2019. However, since not everyone can patch systems right away, Microsoft has provided a workaround. The workaround restricts the size of DNS response packets, which only requires a restart of the DNS service and not the entire server. I recommend reading the knowledge base article to understand all the risks, prior to implementing in your environment.
The script below will apply the recommended registry setting and restart the DNS service on a remote computer.
$Computer = 'YourComputer'
Invoke-Command -computername $Computer -ScriptBlock {
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters" -Name "TcpReceivePacketSize" -Value "0xFF00" -PropertyType "DWord" -Force
Restart-Service -Name DNS -Force
}