Hi. I have a DNS server that's being exploited by DDOS. On this DNS server I host DNS records for about 300 or so of my clients. My ISP asked me if the server needed to be public and I said yes, however I think I'm wrong about that. No one needs to query the server from the outside (wan) as in using the public IP to resolve DNS however, I still the records on the server to spread publicly. I hope I can explaining this properly as DNS is not my forte but I am learning.