Turn off RPC management of DNS on all DCs

Details on Jesper's blog

Microsoft recommends you mitigate the problem by disabling RPC management on DNS. They give the switch to do that, but no script to do it on a large number of DCs or DNS servers.

Here is how you do it on scale:

1. Generate a list of all your DCs or DNS servers and put it in a file called DCList.txt, one name per line. You can generate this list by right-clicking the Domain Controllers OU and selecting "Export List...". If you have a more complicated list, write a query to get them. Below I show how to do that.
2. Log on as an Enterprise Admin (or a domain admin if you only have one domain)
3. Run this command in the directory where you put the DCList.txt file

for /f %i in (DCList.txt) do reg add \\%i\HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters /v RpcProtocol /t REG_DWORD /d 4 /f

That will change the setting. To set it back to the original you would run this command instead:

for /f %i in (DCList.txt) do reg delete \\%i\HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters /v RpcProtocol /f

Both changes require you to stop and restart the DNS service. You can use these commands for that:

for /f %i in (DCList.txt) do sc \\%i stop DNS
for /f %i in (DCList.txt) do sc \\%i start DNS
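The three one-liners above do the job but give you no report: a host that is offline, a mistyped name, or a server where the value was never written just scrolls past. The PowerShell script below is an added example, not part of the original post, that does the same three things (apply the value 4, revert by deleting the value, restart the DNS service) and then re-reads RpcProtocol on every server so you can see which ones are actually hardened. It assumes Windows PowerShell 5.1 on a domain-joined admin host, that the Remote Registry service is reachable on the targets (the same path reg.exe \\host uses), and that DCList.txt holds one server name per line; the parameter names and the Audit/Apply/Revert modes are this example's own.

```powershell
# Added example, not from the original post. Applies, reverts, or audits the
# RpcProtocol value on every server in DCList.txt, restarts DNS where it changed,
# and reports the value read back from each host.
# Assumes: Windows PowerShell 5.1, Remote Registry reachable on targets,
# DCList.txt = one server name per line (labelled assumptions).
param(
    [ValidateSet('Apply', 'Revert', 'Audit')]
    [string]$Mode = 'Audit',
    [string]$ListFile = '.\DCList.txt'
)

$KeyPath   = 'SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$ValueName = 'RpcProtocol'
$Hardened  = 4    # value the post uses to turn off RPC management of DNS

function Get-RpcProtocol {
    param([string]$Computer)
    # OpenRemoteBaseKey talks to the Remote Registry service, like reg.exe \\host
    $base = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $Computer)
    try {
        $key = $base.OpenSubKey($KeyPath, $false)
        if ($null -eq $key) { throw "DNS Parameters key not found on $Computer" }
        try { return $key.GetValue($ValueName, $null) } finally { $key.Close() }
    } finally { $base.Close() }
}

function Set-RpcProtocol {
    param([string]$Computer, [Nullable[int]]$Value)   # $null means delete (revert)
    $base = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $Computer)
    try {
        $key = $base.OpenSubKey($KeyPath, $true)
        if ($null -eq $key) { throw "DNS Parameters key not found on $Computer" }
        try {
            if ($null -eq $Value) { $key.DeleteValue($ValueName, $false) }
            else { $key.SetValue($ValueName, [int]$Value, [Microsoft.Win32.RegistryValueKind]::DWord) }
        } finally { $key.Close() }
    } finally { $base.Close() }
}

function Restart-RemoteDns {
    param([string]$Computer)
    # In PowerShell 'sc' is an alias for Set-Content, so call sc.exe explicitly
    & sc.exe "\\$Computer" stop DNS | Out-Null
    Start-Sleep -Seconds 5
    & sc.exe "\\$Computer" start DNS | Out-Null
}

$results = foreach ($line in Get-Content $ListFile | Where-Object { $_.Trim() }) {
    $dc = $line.Trim()
    try {
        switch ($Mode) {
            'Apply'  { Set-RpcProtocol $dc $Hardened; Restart-RemoteDns $dc }
            'Revert' { Set-RpcProtocol $dc $null;     Restart-RemoteDns $dc }
        }
        $current = Get-RpcProtocol $dc
        $shown = if ($null -eq $current) { '(not set)' } else { $current }
        [pscustomobject]@{
            Server      = $dc
            RpcProtocol = $shown
            Hardened    = ($current -eq $Hardened)
            Error       = ''
        }
    } catch {
        [pscustomobject]@{ Server = $dc; RpcProtocol = '?'; Hardened = $false; Error = $_.Exception.Message }
    }
}

$results | Format-Table -AutoSize
# Non-zero exit when any server is still manageable over RPC, so a scheduled run can flag it
if ($Mode -ne 'Revert' -and ($results | Where-Object { -not $_.Hardened })) { exit 1 }
```

Run it with -Mode Audit first to see where you stand, -Mode Apply to harden and restart DNS on every listed server, and -Mode Revert to put things back; in every mode the table at the end is read from the servers after the change, not assumed from the command that was sent.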
