Starting with Windows 2016, a new capability was added to PowerShell for DNS server. The following query policy will restrict answers to IPv4 only for external addresses while leaving full IPv6 support for internal (domain) addresses:
Add-DnsServerQueryResolutionPolicy -name "IPv4RecursionPolicy" -Action DENY -ApplyOnRecursion -InternetProtocol "EQ,IPv6"
It is important to note this is only available on Windows Server 2016 and later. This DNS query policy basically says "if using recursion (external to domain), do not answer with IPv6". If you look at the DNS server's cache, it has IPv6 addresses but it will only respond with IPv4 addresses because IPv6 addresses are blocked. This is great for feeding IPv4 restricted Exchange edge transport servers and for locations that do not have IPv6 from their ISP.
On the DC, you will need to repoint your IPv6 DNS to Auto so one does not get allocated. I also set the HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents to 32 so IPv4 is preferred. IPv6 is not disabled, just there to support domain operations onsite.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 64%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPL%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 73%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESQ%3C/text%3E%3C/svg%3E)